The enemy within
by Brian Honan - CEO BH Consulting - Thursday, 21 November 2013.
Recent high-profile cases in the press have called attention to the threat the trusted insider can pose to the security of an organization. A recent survey highlighted that employees often have access rights that are way beyond the ones they actually require for their roles. Another survey by the University of Glasgow showed the risks posed to corporate data by employees using consumer-based cloud services such as Dropbox.

While many organizations are aware of the threat coming from internal sources, they are often reluctant to acknowledge it as it implies they don't trust their employees. Another problem is our natural instinct telling us not to trust strangers, and consequently we focus much more on external threats.

In addition to this, the external threat is the one that gets the most media publicity and as a result is easier to “sell” to senior management. However, study after study highlights that an increasing number of breaches are being caused by the accidental or deliberate actions of the trusted insider.

While malicious attacks tend to be rarer than accidental attacks, they can invariably cost the organization more due to their targeted nature. Another thing to consider is that many criminals are now using innocent insiders as a way to gain access to data. This can be achieved by sending a malicious attachment or link via email, which results in malicious software being downloaded onto the unsuspecting user's PC, or simply by tricking the user into revealing their password.

The current economic climate creates a lot of new risks and amplifies existing ones. Cutbacks in staff numbers or hiring freezes can lead to the remaining staff being overworked, resulting in them potentially making more mistakes. The cutbacks can also result in fewer experienced staff being available to spot a mistake or deliberate act that could lead to a breach.

Other staff, especially those who have had their pay reduced or feel their job is under threat, may be under increased financial pressure which could make them more susceptible to stealing data for financial gain or being bribed to do so.

Staff may also steal specific data, such as customer lists, intellectual property or other sensitive business information, as a "safety net" in the event they lose or change jobs, as they feel having this data may provide them with an advantage when applying for or starting a new role. Finally, if a company is undergoing financial cutbacks and redundancies are on the horizon, some staff may resent this and see stealing data as a way of getting revenge on the company.

So, how should an organization deal with the insider threat? The best way is to identify your key information assets, where they are located and who has access to them. Then you need to ask yourself whether all the people who have access to that asset really need to have it, and whether their access rights are at the appropriate level. This is an exercise that should be done regularly.

You should also actively monitor and review your security logs and audit trails for any unusual activity or logins. Make sure that staff members are aware of the insider threat and the damage insiders can cause to the organization and potentially their jobs, so they can be vigilant for unusual or suspicious activity. Remember to keep staff aware of any new threats, such as new viruses or phishing emails, so they can identify potential attacks or data losses.
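One way to run the access review and audit-trail check from the last two paragraphs over exported data, as an added example that is not part of the original article. The role baseline, entitlement export, last-use summary, privilege levels and 90-day staleness threshold are all constructed assumptions.

```python
from datetime import date

# Privilege levels in increasing order (assumed model for this example).
LEVELS = {"read": 1, "write": 2, "admin": 3}

# Constructed sample data: what each role needs on each key information asset.
ROLE_BASELINE = {
    "sales":   {"crm_customer_list": "write"},
    "finance": {"payroll_db": "write", "crm_customer_list": "read"},
    "it_ops":  {"payroll_db": "read", "design_repo": "read"},
}

# Constructed entitlement export: (user, role, asset, granted level).
ENTITLEMENTS = [
    ("alice", "sales", "crm_customer_list", "write"),
    ("bob", "sales", "payroll_db", "read"),
    ("carol", "finance", "crm_customer_list", "admin"),
    ("dave", "it_ops", "design_repo", "read"),
]

# Constructed audit-trail summary: last recorded access per (user, asset).
LAST_USED = {
    ("alice", "crm_customer_list"): date(2013, 11, 18),
    ("carol", "crm_customer_list"): date(2013, 11, 20),
    ("dave", "design_repo"): date(2013, 5, 2),
}


def review_access(entitlements, baseline, last_used, today, stale_days=90):
    """Return (user, asset, finding) tuples for the asset owner to decide on."""
    findings = []
    for user, role, asset, level in entitlements:
        needed = baseline.get(role, {}).get(asset)
        if needed is None:
            # The role has no documented need for this asset at all.
            findings.append((user, asset, "no_role_need"))
            continue
        if LEVELS[level] > LEVELS[needed]:
            findings.append((user, asset, f"excess_level:{level}>{needed}"))
        used = last_used.get((user, asset))
        if used is None or (today - used).days > stale_days:
            # Access exists but the audit trail shows no recent use.
            findings.append((user, asset, "unused_access"))
    return findings


if __name__ == "__main__":
    for finding in review_access(ENTITLEMENTS, ROLE_BASELINE, LAST_USED, date(2013, 11, 21)):
        print(finding)
```

Each finding is a question for the asset owner rather than an automatic revocation; running the same check on a schedule gives the regular review the article calls for.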

