APLawrence.com -  Resources for Unix and Linux Systems, Bloggers and the self-employed

Insider Threat

© February 2009 Michael Desrosiers

This month's topic is Insider Threat: how to strategize and implement processes that reduce this risk in an organization. The body of this e-newsletter deals with how to minimize that risk.

An enormous threat exists within each and every organization. On a poorly secured and designed network, current and former employees can steal data or access resources that they are not authorized to use. Worldwide, millions of businesses were hit in 2008 by these inside breaches of trust. In the United States, 204,000 small and medium-sized businesses (SMBs) with 1 to 1,000 employees reported electronic and physical information loss from deliberate insider attacks. According to a survey by the marketing research firm AMI-Partners, 645,000 businesses reported the unauthorized use of computers and private networks. They also reported that 11 percent of these SMBs admitted to the theft of knowledge capital and proprietary information.

Today, the inside of an organization extends beyond the walls of its office buildings. The Internet allows company assets to carry business-sensitive email and downloads of a wide range of public and private files. Mobile computing allows employees to perform their job responsibilities beyond these walls, but it can raise the risk of malware, keyloggers and data theft. These assets also tend to "grow legs", which last year accounted for over half of all identity-theft-related data breaches worldwide. Not surprisingly, SMBs are now investing in more stringent security controls for their assets. The key investment focus should be the security threats posed by employees, whether accidental or malicious in nature.

The following items should be implemented to form a strategy that will limit or deter insider security breaches:

Develop and enforce Human Resource (HR) policies that perform background checks, monitor employee behavior and revoke system and network access upon termination of employment;

Establish and strictly enforce security policies that promote the "principle of least privilege" for each and every employee, giving access to job essential information and assets only;

Conduct quarterly security posture reviews and assessments that identify an organization's exploitable vulnerabilities and weaknesses;

Implement a three-tiered or multilayer security architecture that reduces these vulnerabilities and exploitable weaknesses. The architecture should incorporate technologies and processes that can protect against, detect and respond to threats and incidents.

They should include:

* Firewalls and IDS/IDP appliances;
* Network Admission Control;
* Anti-malware software suites;
* Strong authentication;
* Data encryption for laptops and mobile storage devices.

Involve outside expertise and skill sets. Maintaining adequate security is an ongoing and often complex undertaking. For many SMBs, the most cost-effective way to address security issues is to outsource these services to firms that specialize in network security. They can help establish policies and procedures, assess and implement security postures and recommend solutions that will harden your environment.

Prepare for a breach or attack. Simulate attacks in your testing to improve and better coordinate your organization's responses. Your preparation should produce action checklists that allow you to:

* Classify attack type;
* Take steps to stop each type of attack;
* Preserve digital forensic evidence and syslog records.
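One way to act on the last checklist item, preserving syslog records so they hold up as evidence, is to copy the files to an evidence location, record a SHA-256 hash of every copy in a manifest, make the copies read-only, and re-check the hashes before the evidence is used. This is an added example and not code from the newsletter; the log lines, the `auth.log` path, the evidence directory and the collector name are all constructed.

```python
"""Preserve log files as forensic evidence with a SHA-256 manifest, then
verify the copies later (added example; all inputs are constructed)."""
import hashlib
import json
import os
import shutil
import tempfile
from datetime import datetime, timezone


def sha256_file(path):
    """Hash a file in chunks so large logs do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def preserve_logs(sources, evidence_dir, collector):
    """Copy each source file into evidence_dir, record hash, size and
    collection time in manifest.json, and make the copies read-only."""
    os.makedirs(evidence_dir, exist_ok=True)
    entries = []
    for src in sources:
        dest = os.path.join(evidence_dir, os.path.basename(src))
        shutil.copy2(src, dest)          # copy2 keeps the original mtime
        entries.append({
            "source": src,
            "copy": dest,
            "size": os.path.getsize(dest),
            "sha256": sha256_file(dest),
        })
        os.chmod(dest, 0o444)            # read-only: accidental edits fail
    manifest = {
        "collected_at": datetime.now(timezone.utc).isoformat(),
        "collector": collector,
        "files": entries,
    }
    with open(os.path.join(evidence_dir, "manifest.json"), "w") as fh:
        json.dump(manifest, fh, indent=2)
    return manifest


def verify_evidence(evidence_dir):
    """Return the paths of copies whose current hash no longer matches
    the manifest; an empty list means the evidence is intact."""
    with open(os.path.join(evidence_dir, "manifest.json")) as fh:
        manifest = json.load(fh)
    return [e["copy"] for e in manifest["files"]
            if sha256_file(e["copy"]) != e["sha256"]]


def demo():
    """Build a constructed auth log, preserve it, verify it, then show
    that a modified copy is detected. Returns (clean_bad, tampered_bad)."""
    work = tempfile.mkdtemp()
    log = os.path.join(work, "auth.log")
    with open(log, "w") as fh:   # constructed syslog-style lines
        fh.write("Feb  9 15:56:58 host sshd[2231]: Accepted password for bob "
                 "from 10.0.0.5 port 52110 ssh2\n")
        fh.write("Feb  9 15:57:03 host sudo:  bob : TTY=pts/0 ; "
                 "COMMAND=/bin/cat /srv/finance/payroll.csv\n")
    evidence = os.path.join(work, "evidence")
    manifest = preserve_logs([log], evidence, collector="ir-team (constructed)")
    clean_bad = verify_evidence(evidence)          # expected: []
    # Simulate an edit to the preserved copy (permissions restored first).
    copy = manifest["files"][0]["copy"]
    os.chmod(copy, 0o644)
    with open(copy, "a") as fh:
        fh.write("Feb  9 15:58:00 host sshd[2231]: session closed for bob\n")
    tampered_bad = verify_evidence(evidence)       # expected: [copy]
    return clean_bad, tampered_bad


if __name__ == "__main__":
    before, after = demo()
    print("intact before edit:", before == [])
    print("modified files detected:", after)
```

The manifest is what makes the copies useful later: it ties each file to a hash, a size, a time and a named collector, so anyone reviewing the incident can show the records were not altered after collection.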


Periodically evaluate the effectiveness of your network security by conducting a penetration test (pen-test), which simulates a malicious user or attacker. Have an impartial third party, such as a consultant or business vendor, conduct these tests.
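Three of the points above (revoking access on termination, least privilege, and quarterly posture reviews) can be checked with the same routine: compare what the HR roster says about each person against what the directory or access-control system actually grants. Below is an added example of such a review, not code from the newsletter; the roster, the role-to-entitlement matrix and the account export are constructed data, and the entitlement names are placeholders.

```python
"""Quarterly access review: flag accounts that stay enabled after
termination, entitlements beyond the approved role, and accounts with no
HR owner (added example; every record below is constructed)."""
from dataclasses import dataclass

# Constructed HR roster: employment status and job role per user.
HR_ROSTER = {
    "alice": {"role": "accounting", "status": "active"},
    "bob":   {"role": "helpdesk",   "status": "terminated"},
    "carol": {"role": "engineer",   "status": "active"},
}

# Constructed least-privilege matrix: the entitlements each role may hold.
ROLE_ENTITLEMENTS = {
    "accounting": {"erp_read", "erp_post", "file_finance"},
    "helpdesk":   {"ticketing", "password_reset"},
    "engineer":   {"git", "build_server", "file_eng"},
}

# Constructed export from the directory / access-control system.
ACCOUNT_EXPORT = [
    {"user": "alice", "enabled": True,
     "entitlements": {"erp_read", "erp_post", "file_finance", "domain_admin"}},
    {"user": "bob", "enabled": True,
     "entitlements": {"ticketing", "password_reset"}},
    {"user": "carol", "enabled": True,
     "entitlements": {"git", "build_server"}},
    {"user": "svc_backup", "enabled": True,
     "entitlements": {"file_finance", "file_eng"}},
]


@dataclass
class Finding:
    user: str
    kind: str      # terminated_active | excess_privilege | orphan_account
    detail: str


def review_access(roster, role_matrix, accounts):
    """Return the list of Findings for this review cycle, in export order."""
    findings = []
    for acct in accounts:
        user = acct["user"]
        person = roster.get(user)
        if person is None:
            # No HR record: a service or leftover account with no owner.
            findings.append(Finding(user, "orphan_account",
                                    "no HR record; assign an owner or disable"))
            continue
        if person["status"] != "active" and acct["enabled"]:
            # Offboarding gap: employment ended but access was not revoked.
            findings.append(Finding(user, "terminated_active",
                                    "employment ended but account still enabled"))
        allowed = role_matrix.get(person["role"], set())
        excess = acct["entitlements"] - allowed
        if excess:
            # Least-privilege violation: rights the role does not justify.
            findings.append(Finding(user, "excess_privilege",
                                    "beyond role '%s': %s"
                                    % (person["role"], ", ".join(sorted(excess)))))
    return findings


if __name__ == "__main__":
    for f in review_access(HR_ROSTER, ROLE_ENTITLEMENTS, ACCOUNT_EXPORT):
        print(f"{f.kind:18} {f.user:12} {f.detail}")
```

Run against the constructed data, the review reports alice holding `domain_admin` outside her role, bob still enabled after termination, and `svc_backup` with no owner; carol, whose rights are a subset of her role, produces nothing. In practice the two inputs come from HR and the directory exports, and the findings feed the quarterly review rather than being acted on automatically.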

There you have it. Most information security councils and consulting firms agree that insider threats now present the most exposure and risk to an organization. It is also one of the most critical vectors that a business must protect against, yet a certain level of assumed trust must exist for the business to succeed. That's why it should occupy a very important place in your organization's overall risk management program.

To view more articles:

Articles by Michael Desrosiers

or to inquire about an on-site presentation, please feel free to call me at 508-995-4933 or email me at mdesrosiers@m3ipinc.com.

Until next time.....


Michael Desrosiers
Founder & Principal Consultant
m3ip, Inc.
Managing Your Security and Risk Needs

1 comment

Mon Feb 9 15:56:58 2009: 5355   BigDumbDInosaur

In addition to the above technical matters, you need to know your employees. Technology may be good in identifying security issues related to the technology itself. However, technology can't identify the fundamental source of all security breaches: dishonest employees. Only employer vigilance can do that. In other words, don't assume that because you've taken steps to secure your system you have a secure system. Since employees have to have access in order to perform useful work, you cannot totally protect your system with technology alone. You have to be able to trust your employees, and know when one is tapping into data for dishonest reasons.
