Maintaining security during retrenchments

With the economy in tatters and layoffs happening so regularly that internet applications are being created solely to chronicle the firings, the insider threat is rising, as Dan Kaplan explains.

When Pioneer Electronics delivered pink slips to its North American contractors in January, the company had to ensure that any cost savings generated by the layoffs - not to mention years of corporate research and development - wouldn't be wiped out by a single disgruntled employee.

Pioneer gave its third-party workers about two weeks' notice of the impending firings, prime time for anyone seeking revenge to maliciously exploit their privileges before their access was cut for good.

But the IT department was not going to stand by and let, say, a nefarious contractor plunder its systems of sensitive data, namely the highly coveted intellectual property used to build Pioneer's pre-eminent plasma televisions.

With the help of a role-based identity solution that manages who can access the company's local area network (LAN), Pioneer was able to document activity in real time, assuring nobody crossed the line separating routine work and criminal act.

"We went through our logs and made sure nothing out of the ordinary jumped out at us," says Max Reissmueller, 40, the company's senior manager of IT operations and infrastructure.

"We concentrated primarily [on] the IT contractors, but did perform a less thorough check on some of the others. We focused on people with higher levels of system and application access."

Pioneer's decision to play Big Brother is not as paranoid as it may seem. Seventy-five percent of U.S. breaches are now caused by insiders, concluded an October study commissioned by and conducted by the Ponemon Institute.

Through the years, companies have done a much better job of protecting against the external attacker, but still remain quite vulnerable to the so-called trusted insider, experts say.
And with the economy in tatters and layoffs happening so regularly that internet applications are being created solely to chronicle the firings (on the day of this writing, more than 71,000 U.S. workers were canned in what CNN aptly dubbed "Bloody Monday"), the insider threat is rising.

"People underestimate the potential and the risk of something to happen internally," Reissmueller says. "It's like, ‘We worked with these people our whole lives - they would never do anything like that.' But they will, and there are cases like it in the news all the time."

Time for a checkup
Given the global financial crisis, now is an ideal time for companies to review access processes, according to security analysts. What many will find, though, is that they still rely on simple and manual controls, which do a poor job of governing risk across heterogeneous platforms, systems and applications.

In January, McAfee CEO Dave DeWalt presented a comprehensive report - based on interviews with 1,000 IT decision-makers - at the World Economic Forum's annual meeting in Switzerland. Among the findings: Companies lost an average of $4.6 million last year in intellectual property, and 68 percent of respondents said they view insiders as the top threat to vital data.

The report says that "financially strapped and laid-off employees" increasingly will become tempted to rip off their employer, if for no other reason than the ease with which it could be done. After all, insiders have much more knowledge about a given organisation than an external attacker would - and sometimes more motivation to act maliciously.

"Normal behavior patterns change when you're under stress," says Paul Dorey, a private security consultant who formerly served as the CISO at BP. "People could start to be careless or have harassing behavior - either lash out against companies or lash out against people."