Inside the Insider

Three Coca-Cola employees were charged with stealing confidential information and samples of a new drink in hope of selling them to competitor PepsiCo Inc. Pepsi reported the incident and worked with Coca-Cola and authorities to investigate it.

Coke’s chief executive, Neville Isdell said that the breach “…underscores the responsibility we each have to be vigilant in protecting our trade secrets. Information is the lifeblood of the company.”

While we seem to be inundated with reports of data breaches similar to the Coca-Cola example above, we may not know the full extent of the problem. More than 80 percent of our clients have experienced at least one, and possibly more, unreported insider-related security breaches within their organisation.

Would you know if your email administrator, or any one of your privileged IT staff, was regularly reading your email and that of other staff such as the CEO? Well, I can assure you that our experience shows this kind of practice goes on undetected in seven out of ten organisations that we monitor.

A lack of resources and leadership makes it difficult to address the insider threat. Speaking with our clients, we have found that the number one barrier to addressing this risk is a lack of sufficient resources, followed by a lack of leadership and, finally, unclear ownership of managing insider threats.

In most cases the CEO does not even believe the insider threat is serious, while in contrast the IT and security staff believes that it should be taken seriously.

Insiders have two things that external attackers don’t: privileged access and trust. This allows them to bypass preventative measures, access mission-critical assets, and conduct malicious acts all while flying under the radar unless a strong incident detection solution is in place. Some employees become malicious over time; others may be spies planted to conduct industrial espionage; while still others simply make mistakes that unknowingly put the organisation at risk.

A number of variables motivate insiders, but the end result is that they can more easily perpetrate their crimes than an outsider who has limited access.

It doesn’t take a skilled hacker to print out sensitive data, copy files to an MP3 player or send confidential information to a competitor. Because of this, anybody can become a malicious insider, from the disgruntled system administrator hoping to sabotage access to business-critical systems to the human resources intern who is selling employee salary information to recruiters.

Insiders can directly damage your business resulting in lost revenue, lost customers, reduced shareholder faith, a tarnished reputation, regulatory fines and legal fees.

So what is the root cause of insider threats? In most of the cases we have investigated it has been one of two things. The first is accidental data leaks, which occur because employees or contractors lack sufficient knowledge about preventative measures or are simply careless.

The second is corporate sabotage, such as the deliberate destruction of IT equipment, which also occurs frequently because employees or contractors are malicious or disgruntled.

Our clients believe that their system administrators and other privileged users represent a much lower insider risk to their organisation, even though these users have the most access.

Some of the manual controls deployed by our clients to mitigate or reduce insider threats include supervision and management, training and awareness activities, and independent audits. Some of the most frequently deployed automated technologies include identity and access management, encryption, content filtering, and data leak detection and prevention.

All security events need end-to-end management, but this is particularly relevant for insiders. Managing an insider can be a sensitive, politically charged topic, and it requires that policies and procedures be directly integrated into the solution.

From case management, event annotation and escalation to reporting, auditing and access to insider-relevant information, the technical solution must be in line with the organisation’s procedures.

Insiders need to be addressed consistently, efficiently and effectively regardless of who they are. This process requires executive sponsorship and the involvement of major stakeholders such as human resources, legal, IT and management.

Security teams can identify the insider, but the company needs to carry out the disciplinary actions. In fact, one of the key requirements in managing insider threats is the right to privacy: the observed activity is analysed with only an indirect reference to the individual performing it. Only authorised system users, such as IT security management or human resources, actually know the identity of the suspicious individual.
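The two points above, that privileged staff reading other people's mail tends to go undetected, and that monitoring should refer to people only indirectly until an authorised role resolves the identity, can be shown together in a small script. The following is an added example, not code from the article or from earthwave: it runs a simple non-owner mailbox-access check over a constructed audit log, reports by keyed pseudonym rather than by user name, and gates re-identification behind a role check. The log format, the HMAC key and the list of authorised roles are all assumptions made for the demonstration.

```python
"""Added example (not from the original article): flag privileged users reading
other people's mailboxes, and report on them by pseudonym so that only an
authorised role can resolve who the person actually is.

The record format, the key and the role names are constructed for illustration.
"""
import hmac
import hashlib
from collections import Counter

# Constructed sample of mailbox-access audit records (assumed format).
# Each record: who acted, whose mailbox, what they did, and the actor's role.
SAMPLE_EVENTS = [
    {"actor": "j.smith",   "mailbox": "j.smith",   "action": "read",   "role": "user"},
    {"actor": "mailadmin", "mailbox": "ceo",       "action": "read",   "role": "admin"},
    {"actor": "mailadmin", "mailbox": "cfo",       "action": "read",   "role": "admin"},
    {"actor": "mailadmin", "mailbox": "mailadmin", "action": "read",   "role": "admin"},
    {"actor": "backupsvc", "mailbox": "ceo",       "action": "export", "role": "service"},
    {"actor": "mailadmin", "mailbox": "ceo",       "action": "read",   "role": "admin"},
]

# Key for the pseudonymisation step. In a real deployment this would be held by
# the team allowed to re-identify, not by the analysts (assumption).
PSEUDONYM_KEY = b"constructed-demo-key-do-not-reuse"

# Roles allowed to resolve a pseudonym back to a person (assumption, following
# the article's "IT security management or human resources").
REIDENTIFY_ROLES = {"it_security_management", "human_resources"}


def pseudonym(user: str, key: bytes = PSEUDONYM_KEY) -> str:
    """Keyed one-way token for a user id: analysts can correlate events from
    the same person without learning who that person is."""
    return hmac.new(key, user.encode(), hashlib.sha256).hexdigest()[:16]


def flag_non_owner_access(events):
    """Return the events where someone other than the mailbox owner touched the
    mailbox. The actor is replaced with a pseudonym; the mailbox owner is kept
    because the analyst needs to know which assets were accessed."""
    flagged = []
    for ev in events:
        if ev["actor"] != ev["mailbox"]:
            flagged.append({
                "actor_pseudonym": pseudonym(ev["actor"]),
                "role": ev["role"],
                "mailbox": ev["mailbox"],
                "action": ev["action"],
            })
    return flagged


def summarise_by_actor(flagged):
    """Count non-owner accesses per pseudonym so that repeated behaviour
    (the 'regularly reading' pattern) stands out from a one-off."""
    return dict(Counter(f["actor_pseudonym"] for f in flagged))


def build_reidentification_table(events, key=PSEUDONYM_KEY):
    """Pseudonym-to-user mapping. Only the re-identification step should hold this."""
    return {pseudonym(ev["actor"], key): ev["actor"] for ev in events}


def reidentify(pseudo, table, requester_role):
    """Resolve a pseudonym only for an authorised role; any other caller gets a
    PermissionError. This is the 'indirect reference' principle in code."""
    if requester_role not in REIDENTIFY_ROLES:
        raise PermissionError(f"role {requester_role!r} may not re-identify users")
    return table[pseudo]


if __name__ == "__main__":
    flagged = flag_non_owner_access(SAMPLE_EVENTS)
    for f in flagged:
        print(f)                       # analyst view: pseudonyms only
    summary = summarise_by_actor(flagged)
    print(summary)
    top = max(summary, key=summary.get)
    table = build_reidentification_table(SAMPLE_EVENTS)
    # Re-identification happens in a separate, role-gated step.
    print("top pseudonym:", top, "->", reidentify(top, table, "it_security_management"))
```

The analyst's report contains only pseudonyms and mailbox names, which is enough to see that one privileged account has read the CEO's and CFO's mail several times; the name behind that pseudonym is only released by `reidentify`, and only to the roles the policy allows.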

Depending on the nature of the insider threat, rapid response may be appropriate. Based on your company’s policies, the response may be automated or may require human intervention. Regardless of the events triggering the response, a number of techniques can be used including: moving the malicious user to a quarantined network, disallowing them access to sensitive assets, completely blocking their computer from network connectivity, disabling user accounts and even preventing them from physically entering access controlled areas.

Carlo Minassian is the founder and CEO of earthwave, the leading Australian provider of security services.
