This month's topic is Insider Threat, and how to strategize and implement processes that will alleviate this risk in an organization. The body and scope of this e-newsletter will deal with how to minimize that risk.
An enormous threat exists within each and every organization. On a poorly secured and designed network, current and former employees can steal data or access resources that they are not authorized to use. Worldwide, millions of businesses were hit in 2008 by these inside breaches of trust. In the United States, 204,000 small and medium-sized businesses (SMBs) with 1 to 1,000 employees reported electronic and physical information loss from deliberate insider attacks. According to a survey by the marketing research firm AMI-Partners, 645,000 businesses reported the unauthorized use of computers and private networks. They also reported that 11 percent of these SMBs admitted to the theft of knowledge capital and proprietary information.
Today, the inside of an organization extends beyond the walls of its office buildings. The Internet allows company assets to carry business-sensitive email and downloads for a wide range of public and private files. Mobile computing allows employees to perform their current job responsibilities beyond these walls, but can elevate the risk of malware, keyloggers and data theft. These assets also tend to "grow legs", which last year accounted for over half of all identity-theft-related data breaches worldwide. Not surprisingly, SMBs are now investing in more stringent security controls for their assets. The key investment focus should be security threats posed by employees, whether accidental or malicious.
The following items should be implemented to form a strategy that will limit or deter insider security breaches:
Develop and enforce Human Resource (HR) policies that perform some type of background check, monitor employee behavior and revoke system and network access upon termination of employment;
Establish and strictly enforce security policies that promote the "principle of least privilege" for each and every employee, giving access to job essential information and assets only;
Conduct quarterly security posture reviews and assessments that will identify an organization's exploitable vulnerabilities and weaknesses;
Implement a three-tiered or multilayer security architecture that will reduce these vulnerabilities and exploitable weaknesses. The architecture should incorporate technologies and processes that can protect, detect and respond to threats and incidents.
They should include:
* Firewalls and IDS/IDP appliances;
* Network Admission Control;
* Anti-malware software suites;
* Strong authentication;
* Data encryption for laptops and mobile storage devices.
Involve outside expertise and skill sets. Maintaining adequate security is an ongoing and often complex undertaking. For many SMBs, the most cost-effective way to address security issues is to outsource these services to firms that specialize in network security. They can help establish policies and procedures, assess and implement security postures and recommend solutions that will harden your environment.
Prepare for a breach or attack. Simulate attacks with your testing to improve and better coordinate your organization's responses. Your preparation should develop action checklists that allow you to:
* Classify attack type;
* Take steps to stop each type of attack;
* Preserve digital forensic evidence and syslog records.
Periodically evaluate the effectiveness of your network security by conducting a penetration test (pen-test), which simulates a malicious user or attacker. Have an impartial third party, such as a consultant or business vendor, conduct these tests.
There you have it. Most information security councils and consulting firms agree that insider threats now present the most exposure and risk to an organization. It is also one of the most critical vectors that a business must protect, yet a certain level of assumed trust must exist for the business to succeed. That's why it should occupy a very important step in your organization's overall risk management program.
To view more articles:
http://aplawrence.com/cgi-bin/getauthart.pl?Michael%20Desrosiers
or to inquire about an on-site presentation, please feel free to call me at 508-995-4933 or email me at mdesrosiers@m3ipinc.com.
Until next time.....
Regards,
Michael Desrosiers
Founder & Principal Consultant
m3ip, Inc.
Managing Your Security and Risk Needs
(O)508.995.4933
(C)774.644.0599
(F)508.995.4933
mdesrosiers@m3ipinc.com
http://www.m3ipinc.com
Mon Feb 9 15:56:58 2009: BigDumbDInosaur
http://bcstechnology.net
In addition to the above technical matters, you need to know your employees. Technology may be good in identifying security issues related to the technology itself. However, technology can't identify the fundamental source of all security breaches: dishonest employees. Only employer vigilance can do that. In other words, don't assume that because you've taken steps to secure your system you have a secure system. Since employees have to have access in order to perform useful work, you cannot totally protect your system with technology alone. You have to be able to trust your employees, and know when one is tapping into data for dishonest reasons.