21 May 2012, 22:26 | by WD Milner

Ask any computer professional who works in security what the biggest threat to an information system is and you might be surprised at the answer. It's not outside “hackers”; it is insiders within the organization itself. And the best way to stop these internal attacks is by putting a solid prevention program in place.

A list of recommendations was presented at the RSA security conference in San Francisco in March of this year by Dan Cappelli of Carnegie-Mellon University's CERT Insider Threat Center. Creating a policy that implements these recommendations can go a very long way toward reducing or preventing insider breaches.

  1. Determine what is the single most important piece of information in your organization. This should then be secured with encryption, access controls, monitoring and logging of who touches the data.
  2. Apply experience learned from past attacks. Often a malicious insider will try attacks that have been used before successfully. Once any attack vector has been attempted, ensure that it is closed off as soon as possible.
  3. Mitigate threats from business partners and other "trusted" insiders. Once intellectual property leaves the organization, handling the situation becomes several orders of magnitude harder, or impossible if the data is taken out of the country.
  4. Be alert for behavioural warning signs. The changes in insider behaviour that make human resource people uneasy are often the first sign of what could become a major security issue. Prepare a response plan ahead of time, just in case.
  5. Establish security policies that clearly explain to all insiders that data access throughout the organization is audited. Train employees to be wary of recruiters and emphasize that if data is used illegally by someone an insider gave it to, the insider can be held responsible.
  6. The majority of attacks by insiders come from disgruntled employees and occur within 30 days, before or after, of resignation or termination of contract. Keep a close watch on departing employees and on what data they viewed or had access to prior to their departure, and proceed accordingly. Fraud is an exception, as the attacks will likely continue so long as it is profitable and safe for the attacker to do so.
  7. Apply many of the available tools used to monitor and keep intruders out of systems to monitor and spot anomalies on the inside. Examples include logging tools that can monitor data access or spot patterns in e-mail usage and changes to those patterns.
  8. Be aware of privacy issues. Designing a security policy without such consideration and without legal consultation can leave you vulnerable.
  9. Those organizations that prepare in advance for attacks and data breaches generally fare better in the aftermath. Part of good security preparation is to include all relevant departments: security, human resources, management, legal, and IT.
  10. If not done already, start creating a threat prevention and recovery program as soon as possible. This will likely be helped by the participation and support from senior management.
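
Recommendations 6 and 7 combine naturally into one detection: review data access logs for departing employees in the 30 days either side of their departure date and compare it with their earlier behaviour. The following is an added example, not code from the article or from CERT; the CSV log layout, the HR departure feed, the sample records and the `factor` threshold are all assumptions made for illustration.

```python
import csv, io
from collections import defaultdict
from datetime import date, datetime, timedelta
from statistics import median

# Constructed sample data: timestamp,user,resource (not from any real system).
ACCESS_LOG = """\
2012-02-06T10:02:00,bob,/eng/specs/a.doc
2012-02-13T11:15:00,bob,/eng/specs/b.doc
2012-02-20T09:40:00,bob,/eng/specs/a.doc
2012-04-02T22:10:00,bob,/eng/specs/a.doc
2012-04-02T22:11:00,bob,/eng/design/core.dwg
2012-04-02T22:12:00,bob,/sales/customers.xls
2012-04-02T22:13:00,bob,/finance/forecast.xls
2012-04-03T09:00:00,alice,/sales/customers.xls
2012-06-15T09:00:00,bob,/eng/specs/a.doc
"""
# Constructed HR feed: user -> resignation/termination date.
DEPARTURES = {"bob": date(2012, 4, 20)}

def daily_resources(log_text):
    """Return {user: {day: set(resources)}} from the CSV access log."""
    out = defaultdict(lambda: defaultdict(set))
    for ts, user, resource in csv.reader(io.StringIO(log_text)):
        out[user][datetime.fromisoformat(ts).date()].add(resource)
    return out

def flag_departing_users(log_text, departures, window_days=30, factor=3):
    """Flag days inside the +/- window where a departing user touched at
    least `factor` times their pre-window daily median of distinct resources."""
    per_user = daily_resources(log_text)
    alerts = []
    for user, left_on in departures.items():
        start = left_on - timedelta(days=window_days)
        end = left_on + timedelta(days=window_days)
        days = per_user.get(user, {})
        baseline = [len(r) for d, r in days.items() if d < start]
        typical = median(baseline) if baseline else 1  # no history: assume 1
        for day, resources in sorted(days.items()):
            if start <= day <= end and len(resources) >= factor * typical:
                alerts.append((user, day, sorted(resources)))
    return alerts

if __name__ == "__main__":
    for user, day, resources in flag_departing_users(ACCESS_LOG, DEPARTURES):
        print(f"{day} {user}: {len(resources)} distinct resources -> {resources}")
```

Because fraud does not follow the 30-day pattern, as recommendation 6 notes, a window tied to the departure date will not surface it; that case needs baseline comparison over the whole period of employment.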

Protecting an organization’s assets and data takes more than just technology. It requires an awareness and assessment of risks, the creation and placement of proper policy and procedures, and a properly designed reaction and response plan to respond quickly and minimize exposure should it become necessary.

- 30 -
