This month's topic is Insider Threat, and how to strategize and implement processes that will alleviate this risk in an organization. The body and scope of this e-newsletter will deal with how to minimize that risk.
An enormous threat exists within each and every organization. On a poorly secured and designed network, current and former employees can steal data or access resources that they are not authorized to use. Worldwide, millions of businesses were hit in 2008 by these inside breaches of trust. In the United States 204,000 small and medium-sized businesses (SMBs) with 1 to 1,000 employees, reported electronic and physical information loss from deliberate insider attacks. According to a survey by the marketing research firm AMI-Partners, 645,000 businesses reported the unauthorized use of computers and private networks. They also reported that 11 percent of these SMBs, admitted to the theft of knowledge capital and proprietary information.
Today, the inside of an organization extends beyond the walls of their office buildings. The Internet allows company assets to carry business sensitive email and downloads, for a wide range of public and private files. Mobile computing allows employees to perform their current job responsibilities beyond these walls, but can elevate the risk of malware, keyloggers and data theft. These assets tend to also "grow legs", which last year accounted for over half of all identity theft related data breaches worldwide. Not surprisingly, SMBs are now investing in more stringent security controls for their assets. The key investment focus should be security threats posed by employees, whether it is accidental or malicious by nature.
The following items should be implemented to form a strategy that will limit or deter insider security breaches:
Develop and enforce Human Resource (HR) policies that perform some type of background checks, monitor employee behavior and revoke system and network access upon termination of their employment;
Establish and strictly enforce security policies that promote the "principle of least privilege" for each and every employee, giving access to job essential information and assets only;
Conduct quarterly security posture reviews and assessments, that will identify an organizations exploitable vulnerabilities and weaknesses;
Implement a three-tiered or multilayer security architecture, that will reduce these vulnerabilities and exploitable weaknesses. The architecture should incorporate technologies and processes that can protect, detect and respond to threats and incidents.
They should include:
* Firewalls and IDS/IDP appliances;
* Network Admission Control;
* Anti-malware software suites;
* Strong authentication;
* Data encryption for laptops and mobile storage devices.
Involve outside expertise and skill sets. Maintaining adequate security is an ongoing and often complex undertaking. For many SMBs, the most cost effective way to address security issues is to outsource these services to firms that specialize in network security. They can help establish policies and procedures, assess and implement security postures and recommend solutions that will harden your environment.
Prepare for a breach or attack. Simulate attacks with your testing to improve and better coordinate your organizations responses. Your preparation should develop action checklists that allow you to:
* Classify attack type;
* Take steps to stop each type of attack;
* Preserve digital forensic evidence and syslog records.
Periodically evaluate the effectiveness of your network security by conducting a penetration test (pen-test), which simulates a malicious user or attacker. Have an impartial third party such as a consultant or business vendor, conduct these tests.
There you have it. Most information security councils and consulting firms agree, that insider threats now present the most exposure and risk to an organization. It is also one of the most critical vectors that a business must protect, yet a certain level of assumed trust must exist for the business to succeed. That's why it should occupy a very important step, in your organizations overall risk management program.
To view more articles:
or to inquire about an on-site presentation, please feel free to call me at 508-995-4933 or email me at [email protected]
Until next time.....
If you found something useful today, please consider a small donation.
Got something to add? Send me email.
More Articles by Michael Desrosers © 2009-11-07 Michael Desrosers