APLawrence.com -  Resources for Unix and Linux Systems, Bloggers and the self-employed

Insider Threat

Michael Desrosiers

This month's topic is insider threat, and how to plan and implement processes that will reduce this risk in an organization. This e-newsletter deals with how to minimize that risk.

An enormous threat exists within every organization. On a poorly designed and secured network, current and former employees can steal data or access resources that they are not authorized to use. Worldwide, millions of businesses were hit in 2008 by these inside breaches of trust. In the United States, 204,000 small and medium-sized businesses (SMBs) with 1 to 1,000 employees reported electronic and physical information loss from deliberate insider attacks. According to a survey by the marketing research firm AMI-Partners, 645,000 businesses reported the unauthorized use of computers and private networks. They also reported that 11 percent of these SMBs admitted to the theft of knowledge capital and proprietary information.

Today, the inside of an organization extends beyond the walls of its office buildings. The Internet allows company assets to carry business-sensitive email and downloads for a wide range of public and private files. Mobile computing allows employees to perform their current job responsibilities beyond these walls, but it can elevate the risk of malware, keyloggers and data theft. These assets also tend to "grow legs", which last year accounted for over half of all identity-theft-related data breaches worldwide. Not surprisingly, SMBs are now investing in more stringent security controls for their assets. The key investment focus should be security threats posed by employees, whether accidental or malicious.

The following items should be implemented to form a strategy that will limit or deter insider security breaches:

Develop and enforce Human Resource (HR) policies that perform some type of background check, monitor employee behavior and revoke system and network access upon termination of employment;

Establish and strictly enforce security policies that promote the "principle of least privilege" for each and every employee, giving access to job-essential information and assets only;

Conduct quarterly security posture reviews and assessments that will identify an organization's exploitable vulnerabilities and weaknesses;

Implement a three-tiered or multilayer security architecture that will reduce these vulnerabilities and exploitable weaknesses. The architecture should incorporate technologies and processes that can protect against, detect and respond to threats and incidents.

They should include:

* Firewalls and IDS/IDP appliances;
* Network Admission Control;
* Anti-malware software suites;
* Strong authentication;
* Data encryption for laptops and mobile storage devices.

Involve outside expertise and skill sets. Maintaining adequate security is an ongoing and often complex undertaking. For many SMBs, the most cost-effective way to address security issues is to outsource these services to firms that specialize in network security. They can help establish policies and procedures, assess and implement security postures and recommend solutions that will harden your environment.

Prepare for a breach or attack. Simulate attacks in your testing to improve and better coordinate your organization's responses. Your preparation should develop action checklists that allow you to:

* Classify attack type;
* Take steps to stop each type of attack;
* Preserve digital forensic evidence and syslog records.

Periodically evaluate the effectiveness of your network security by conducting a penetration test (pen-test), which simulates a malicious user or attacker. Have an impartial third party, such as a consultant or business vendor, conduct these tests.

There you have it. Most information security councils and consulting firms agree that insider threats now present the most exposure and risk to an organization. It is also one of the most critical vectors that a business must protect, yet a certain level of assumed trust must exist for the business to succeed. That's why it should occupy a very important step in your organization's overall risk management program.

To view more articles:

Articles by Michael Desrosiers

or to inquire about an on-site presentation, please feel free to call me at 508-995-4933 or email me at [email protected]

Until next time.....

Regards,

Michael Desrosiers
Founder & Principal Consultant
m3ip, Inc.
Managing Your Security and Risk Needs
(O)508.995.4933
(C)774.644.0599
(F)508.995.4933
[email protected]
http://www.m3ipinc.com






1 comment










Mon Feb 9 15:56:58 2009: 5355   BigDumbDInosaur

In addition to the above technical matters, you need to know your employees. Technology may be good in identifying security issues related to the technology itself. However, technology can't identify the fundamental source of all security breaches: dishonest employees. Only employer vigilance can do that. In other words, don't assume that because you've taken steps to secure your system you have a secure system. Since employees have to have access in order to perform useful work, you cannot totally protect your system with technology alone. You have to be able to trust your employees, and know when one is tapping into data for dishonest reasons.


