News

Study shows growing risk of malicious insider attacks

More often than not, security measures are exterior-facing systems that aim to protect the organization from outside threats like cybercriminals and malware attacks. However, new industry research shows that administrators should also focus their safeguards internally as a means to protect against the enemy inside the gates.

Enemies where they are least expected
A recent security report conducted by Ovum, a survey studying 500 IT managers in enterprises based in the UK, France and Germany, discovered that less than 10 percent of participants feel their systems are secured from insider threats. Furthermore, research found that 42 percent of respondents naming privileged users, including system, database, network and other administrators, are the largest risk to the business.

"Insider threats are no longer only traditional insiders with legitimate access rights who abuse their positions to steal data for personal gain," InformationAge contributor Chloe Green wrote. "Privileged users who maintain systems and networks are now an additional concern, as their roles typically require access to all data accessible from systems to perform their work."

In this way, business executives must now take a hard look at the individuals they trust to access their company-owned property and information. However, while this particular threat is currently on the rise, many enterprises are still in the early stages of safeguarding content against this risk.

Effective strategies for protecting against insider threats
For this reason, decision makers must encourage employees throughout the company to do more to protect against malicious insiders. To help foster these efforts, here are a few beneficial tips to secure assets against internal threats:

1) Identify the most important information and protect that first. According to Dark Reading contributor Mathew Schwartz, organizations should begin this process by determining the "crown jewel" of the company and securing it with restrictive access, logging and monitoring, as well as encryption. Such protection technology, attainable via an SSL certificate, prevents unauthorized users from deciphering safeguarded content.

"We've worked with a number of organizations, and they tell us everything is important," said Dawn Cappelli, Carnegie Mellon University technical manager. "So we say, what's the one thing that if someone took it to a competitor, or out of the United States, would be work millions - or billions - of dollars?"

2) Don't ignore suspicious behavior; look into any questionable employee or partner actions. IT Insider contributor Chip Tsantes pointed out that preventing insider attacks can be difficult, but investigating any suspicious behavior could mitigate the risk before it becomes a large-scale problem. For instance, if an individual that typically only accesses a certain database once a month has begun logging into the resource daily, this could be an issue and is worth looking into.

"Each employee has logical patterns of information usage, and the organization should look for abnormal usage and investigate it when it occurs," Tsantes wrote. "You always need to understand if unusual behavior is warranted or malicious."

3) Keep a close eye on employees leaving the company. Cappelli said that most instances of data theft occur within the month preceding or following a departure. For this reason, administrators should keep tabs on the actions of employees who have put in their two weeks notice or have recently left the organization.

"Know what your crown jewels are," Cappelli said. "If someone resigns who had access to your crown jewels, you need to go back and proactively investigate that."

Additionally, any company account profiles, authentication credentials and other access management systems belonging to ex-employees should be deleted upon their departure. This includes login credentials connected with corporate email accounts, databases and other technology. This can help mitigate the risk of a former worker connecting with these resources after they stop performing duties for the firm.

Protect data in transit with an SSL certificate today.

corporate office

Thawte
The Gateway
Century Lane
Century City, 7441
Cape Town
South Africa

Postal Address:
P O Box 15986
Panorama 7500
Cape Town
South Africa

Call: +353 1 793 9141
Fax: +27 21 819 2950

Buy now! Try now!