Free Newsletter
Register for our Free Newsletters
Newsletter
Zones
Access Control
LeftNav
Alarms
LeftNav
Biometrics
LeftNav
Detection
LeftNav
Deutsche Zone (German Zone)
LeftNav
Education, Training and Professional Services
LeftNav
Government Programmes
LeftNav
Guarding, Equipment and Enforcement
LeftNav
Industrial Computing Security
LeftNav
IT Security
LeftNav
Physical Security
LeftNav
Surveillance
LeftNav
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
 
News

Stopping the insider threat

IS Decisions : 10 August, 2015  (Special Report)
Francois Amigorena of IS Decisions asks if your organisation has the perfect insider threat programme
Stopping the insider threat

2014 may be forever be known as ‘The Year of the Breach’ as it seemed that as each week went by a new security breach would come to light. For every new story, the subsequent implications for both the organisation and its employees were never far from the headlines with most incidents relating in one way or another to internal source. Now here we are half way through 2015 and it doesn’t look like anyone is learning their lesson.

Last year the big names in the news were Sony Entertainment, JP Morgan, and eBay, who had all in one way or another been victim of an internal security breach by either a malicious or simply careless user. By February this year all we were able to add US health insurance giant Anthem to the list of major organisations struck by a breach caused by internal error.

Research completed for the IS Decisions User security 2015 report found that IT professionals plan to make a concerted effort this year to address the issue of insider threat. Although a substantial number of organisations in the UK (43%) say they already have an insider threat programme, of those that are yet to implement one, 69% plan to have done so by the end of this year.

Planning to set up an insider programme is the first hurdle. However, with any plan, before rushing in to it you must always consider the areas on which you should focus your efforts. As every organisation is different they will each have a separate set of priorities, but more often than not, the basics will remain the same. Regardless of the type or size of the organisation, the following elements should always be considered.

Exit strategy

An employee is leaving – of course you wish them well and sign a leaving card. But, have you really thought about their departure from an organisational perspective? What happens to that particular employee’s login details and access when they leave?

Previous research from IS Decisions showed that over a third of ex-employees still had access to a former employer’s data using their old login details. However, only 24% of IT professionals had plans to incorporate an official employee exit protocol into their insider threat programme. Not only does this show a lack of awareness of the potential issue of ex-employees, it also highlights a significant weak spot in the organisation as a whole.

Take a moment to consider that that employee you have just waved off into the distance isn’t such a ‘good-egg’. Maybe they didn’t leave on good terms, of perhaps have a vendetta against you or your organisation. What sort of damage could they do if they still have access to sensitive information? An ex-employee is far more likely to cause havoc than a current one. After all, what do they have to lose?

Take the Sony Entertainment breach as an example. An ex-employee was allegedly the source of one of the biggest corporate data breaches we’ve ever seen. How could this have been allowed to happen? Especially when it’s so easy to implement a strategy to deal with malicious ex-employees? Simply set out a process to ensure that all employees exiting the company can no longer access the network, files or other company systems. Is it really worth over looking this part of your programme?

Never trust, always verify

The idea of zero trust may sound like a harsh stance to take, but when it comes to organisational security and network access management it really is the best option. Known as the ‘zero trust model’ this mind-set promotes the idea of never trusting whilst always verifying a user’s access to the network.

The approach does not have to be frustrating to the user, rather it should be implemented to guide and ensure that the user is always aware of the restrictions and why they are there, which ultimately helps educate them. By always choosing to verify access, the organisation is reducing the overall vulnerable surface for attack significantly whilst reminding users why they need to be vigilant and that their use of their access credentials matters.

Encourage good behaviour

The zero-trust model will ensure a deeper level of user security within the organisation practically, but it will also help reinforce the positive security behaviour exhibited by employees. If your user knows the difference between positive and negative user behaviour they are far more likely to act appropriately.

As mentioned previously, we know that the majority of IT professionals plan to include training and education in their insider threat programme, however the best and most effective awareness building is done on the job. A user is far more likely to pay attention to a rule that is reinforced time and time again rather than a written policy they are expected to read and remember amongst a long list of documents they are given when joining the company. We all know this gets dumped in a drawer to gather dust!

Stop bad behaviour in real-time

An organisation will have far more of an impact in terms of user education if it happens in real time. And the same goes for user activity monitoring. This will involve two elements – the first is in terms of the user. If your organisation’s employees are sent alerts when they act in a manner that could be deemed suspicious they are far more likely to pay attention. And if what they’re doing really is with malicious intent, a real-time alert could stop them in their tracks.

Secondly, on the administrator side, the ability to both monitor and track behaviour gives further insight into how users behave on the network, and differentiate between what’s ‘normal’ and what’s out of the ordinary. An alert to suspicious behaviour allows the administrator in charge to quickly and effectively stop a potential threat before any significant damage is done and their organisation hits the headlines as the next major breach takes place.

If all these elements were to be included in an organisation’s insider threat programme you strongly reduce the chances of being the next security breach story in the news.

Bookmark and Share
 
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
 
   © 2012 ProSecurityZone.com
Netgains Logo