Cyber Threat From Within

Uploaded on 2015-12-02 in NEWS-Cybersecurity News, JOBS-Training, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

Even as organizations hunker down for a long and expensive siege against attackers from cyberspace, a determined employee with the right kind of access can be as much of a threat, if not more. Whether disgruntled or dishonest, whether destroying records or stealing intellectual property, it is shockingly easy for insiders to wreak havoc on your most valuable digital assets.

Unprotected data can leave your office on a thumb drive, a laptop, or through a personal email account. Once outside, there are plenty of lively markets for it, both online and off. From competitors looking for trade secrets, to criminals stealing customer data, to rogue states breaching national security — and much more — there is no shortage of buyers for any information that can be monetized.

Far too many organizations are unprepared for insider threats. Their data isn’t properly segmented. Password policies are too lax. Mobile devices are insecure. Access permissions are not adequately policed.

As a result, a company’s crown jewels can be left exposed. Even your most loyal employees — those with no mischief on their minds — will seek out unprotected data simply because it’s there and they can access it. The problem escalates when an employee with personal issues — debts, drug use, family issues, etc. — succumbs to the temptation to turn access into opportunity. And when that employee works in IT, or even runs the IT department, the damage can be catastrophic.

In the face of these threats, data security needs to be taken far more seriously than it too often is. The crown jewels must be walled off, with access strictly limited on a need-to-know basis. Checks and balances must be established — IT, compliance, and cybersecurity must be responsible for watching over each other. Policies for activating and de-activating accounts must be tightened.

Most organizations have neither the resources nor the personnel to assess current practices, recommend the proper changes, and institute the stricter policies and procedures necessary to protect data going forward. Professional help is usually required.

There is no substitute for instilling the basics of data security throughout the organization. Employees need to be trained by experts in the dos and don’ts. They need to know how to create a proper password. They need to know not to share passwords with co-workers. They need to understand the consequences of insider leaks, even if unintentional.

Email, in particular, is a security breach waiting to happen. Email attachments must not be forwarded to personal accounts. Co-mingling of accounts — work and personal on the same device — need to be restricted, if not eliminated. Awareness of spear-phishing and other “social engineering” ploys needs to be taught and constantly reinforced.

If you suspect an insider has been tampering with your data, intense scrutiny — of computer logs, of email traffic, of work processes and procedures — is absolutely essential. The goal is to identify patterns of employee behavior to determine where the breach came from, what damage has been done, and who is responsible.

There are many questions to consider: Who recently accessed a particular shared folder — and why? Who is accessing documents they should not normally be seeing? Is someone from finance copying a strategy statement? Is someone from marketing looking at technical specs? Is someone who has always left the office at 5 pm suddenly staying until 8 pm every night?

Once these questions are answered, there is still a great deal of detective work to do: interviewing personnel, narrowing down suspects, examining motives, figuring out how the breach was carried out. For each step in this process, it is best to engage expert help. Your organization is unlikely to possess the skills to either identify the breach or pin down the suspect.

It cannot be overstated that for any insider incident, the adequacy of the response will be commensurate with the level of advanced preparation. Policies need to be established, procedures tightened, employees thoroughly trained, and remediation plans carefully laid out ahead of time.
Doing these things right may require outside assistance, but once they’re in place, your organization will be in a much better position to prevent breaches in the first place — and to respond to them when they occur.
K2Intelligence: http://bit.ly/1XE2v5Z

« The Road to Measuring and Interpreting Big Data
Russian Financial Cybercrime »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

SISA

SISA

SISA is a global forensics-driven cybersecurity solutions company, trusted by leading organizations for securing their businesses with robust preventive and corrective cybersecurity solutions.

Athena Dynamics

Athena Dynamics

Athena Dynamics focuses on Cyber Security, especially in Critical Information Infra-structure Protection and Enterprise IT Operation Management products and Services.

H3C Group

H3C Group

H3C provides a full range of Computer, Storage, Networking and Security solutions.

Cybertron

Cybertron

Cybertron services include real-time monitoring and incident response and a cyber range for competency development.

The ai Corporation

The ai Corporation

The ai Enterprise Fraud Solution is an on-prem or cloud-based self-service, machine learning fraud detection and prevention tool set.

DANAK

DANAK

DANAK is the national accreditation body for Denmark. The directory of members provides details of organisations offering certification services for ISO 27001.

HUB Security

HUB Security

Hub Security provide Ultra Secure, Military Grade HSM (Hardware Security Module) Solutions for Blockchain and Digital Assets.

CYDES

CYDES

CYDES is the first event in Malaysia to showcase advanced solutions and technologies to address cyber defence and cyber security challenges for the public and private sectors.

Stealth Software Technologies

Stealth Software Technologies

Stealth Software Technologies is focused on the generation of research and software products focused on applied cryptography and cybersecurity.

DataFleets

DataFleets

DataFleets is a privacy-preserving data engine that unifies distributed data for rapid access, agile analytics, and automated compliance.

US Marine Corps Forces Cyberspace Command (MARFORCYBER)

US Marine Corps Forces Cyberspace Command (MARFORCYBER)

US Marine Corps Forces Cyberspace Command (MARFORCYBER) conducts full spectrum military cyberspace operations in order to enable freedom of action in cyberspace and deny the same to the adversary.

CertiProf

CertiProf

CertiProf has been enhancing professional lives since 2015, offering a wide range of IT certifications and agile framework training.

IPKeys Cyber Partners

IPKeys Cyber Partners

IPKeys Cyber Partners, together with the IPKeys Power Partners unit, provide Cyber Security and CIP Compliance for utilities, grid operators and public safety organization across the USA.

StealthPath

StealthPath

StealthPath is focused on endpoint protection, securing the “implicit trust” vulnerabilities of current leading information security solutions.

Bulletproof Solutions

Bulletproof Solutions

Bulletproof provides IT expert support, services, and guidance to businesses small and large as they grow and adapt to today’s complex IT, cybersecurity, and compliance needs.

Start-Up Chile (SUP)

Start-Up Chile (SUP)

Start-Up Chile is a business accelerator program created by the Chilean Government for high-potential tech entrepreneurs.