This month's topic is Insider Threat, and how to strategize and implement
processes that will alleviate this risk in an organization. The body and
scope of this e-newsletter will deal with how to minimize that risk.

An enormous threat exists within each and every organization. On a
poorly secured and designed network, current and former employees
can steal data or access resources that they are not authorized to
use. Worldwide, millions of businesses were hit in 2008 by these inside
breaches of trust. In the United States, 204,000 small and medium-sized
businesses (SMBs) with 1 to 1,000 employees reported electronic and
physical information loss from deliberate insider attacks. According to
a survey by the marketing research firm AMI-Partners, 645,000 businesses
reported the unauthorized use of computers and private networks. They also
reported that 11 percent of these SMBs admitted to the theft of knowledge
capital and proprietary information.

Today, the inside of an organization extends beyond the walls of its
office buildings. The Internet allows company assets to carry
business-sensitive email and downloads for a wide range of public and
private files. Mobile computing allows employees to perform their current
job responsibilities beyond these walls, but can elevate the risk of
malware, keyloggers and data theft. These assets also tend to "grow
legs", which last year accounted for over half of all
identity-theft-related data breaches worldwide. Not surprisingly, SMBs are
now investing in more stringent security controls for their assets. The
key investment focus should be security threats posed by employees,
whether they are accidental or malicious in nature.

The following items should be implemented to form a strategy that will
limit or deter insider security breaches:

Develop and enforce Human Resource (HR) policies that perform some type
of background check, monitor employee behavior and revoke system and
network access upon termination of employment;

Establish and strictly enforce security policies that promote the
"principle of least privilege" for each and every employee, giving
access to job-essential information and assets only;

Conduct quarterly security posture reviews and assessments that will
identify an organization's exploitable vulnerabilities and weaknesses;

Implement a three-tiered or multilayer security architecture that
will reduce these vulnerabilities and exploitable weaknesses. The
architecture should incorporate technologies and processes that can
protect, detect and respond to threats and incidents.
They should include:
* Firewalls and IDS/IDP appliances;
* Network Admission Control;
* Anti-malware software suites;
* Strong authentication;
* Data encryption for laptops and mobile storage devices.

Involve outside expertise and skill sets. Maintaining adequate security
is an ongoing and often complex undertaking. For many SMBs, the most
cost-effective way to address security issues is to outsource these
services to firms that specialize in network security. They can help
establish policies and procedures, assess and implement security postures
and recommend solutions that will harden your environment.

Prepare for a breach or attack. Simulate attacks in your testing to
improve and better coordinate your organization's responses. Your
preparation should develop action checklists that allow you to:
* Classify attack type;
* Take steps to stop each type of attack;
* Preserve digital forensic evidence and syslog records.

Periodically evaluate the effectiveness of your network security by
conducting a penetration test (pen-test), which simulates a malicious
user or attacker. Have an impartial third party, such as a consultant
or business vendor, conduct these tests.

There you have it. Most information security councils and consulting firms
agree that insider threats now present the most exposure and risk to an
organization. They are also one of the most critical vectors that a
business must protect against, yet a certain level of assumed trust must
exist for the business to succeed. That is why addressing them should be a
very important step in your organization's overall risk management program.

To view more articles:
Articles by Michael Desrosiers
or to inquire about an on-site presentation, please feel free to call me at
508-995-4933 or email me at firstname.lastname@example.org.
Until next time.....
Founder & Principal Consultant
Managing Your Security and Risk Needs
© 2009-11-07 Michael Desrosers