Insider theft is one of the most underestimated cyber security threats that an organization faces. The enterprise may invest a huge sum in deploying state of the art security infrastructure to fortify its network against external attacks, when rogue insiders with authenticated access may access the network legitimately, to steal data or wreck the system at will.
The State of Network Security 2013: Attitudes and Opinions survey, conducted by AlgoSecm during the February 2013 RSA Conference, confirms that insider threats is the greatest security concern facing enterprises. 64.5% of the respondents rated insiders as the greatest security risk, higher than any other factor.
There are many ways to combat insider threats.
Insider threats occur in two dimensions. The first is deliberate malicious intent, where the employee commits a security breach deliberately to steal information or damage the network, either for illegal monetary gains or to wreck vengeance. The second is committing a breach inadvertently, which allow lurking cyber criminals a way in. The net result for the enterprise is the same.
Training on safe internet practices, and on how to recognize phishing attacks, can mitigate the risks caused by employee ignorance. Spreading awareness of company policy related to security, such as the minimum protection required before accessing the corporate network from the employee’s device, also works in this direction. While training and awareness may not necessarily prevent a rogue insider with malicious intent, it would shut the door on them trying to evade responsibility by pleading ignorance.
As the adage goes, prevention is better than cure. Conduct a thorough background check on the employee before hiring them. Have them sign a well-vetted security agreement, which binds them to data confidentiality, and forces them to adhere to corporate security policies. This will make it that much more difficult for rogue insiders and complacent employees to cause security breaches.
Most organizations direct their network monitoring to outside the network to detect the entry of malicious traffic. A comprehensive approach to network security dictates monitoring internal traffic as well. Any unusual incidents, such as spikes in traffic, or log-in during out-of-normal hours, should trigger a red flag that mandates immediate follow up and/or investigation.
Physical security of the computing infrastructure can prevent the malicious intent of rogue insiders. For instance, locking down servers and concealing cables inside ducts makes it very difficult for insiders to intercept network traffic as it passes from the system to the server, and outside, to the cloud storage facility. Locking down laptops in cabinets makes it difficult for the rogue insider to gain access through unauthorized devices with higher permissions.
Many companies try to empower employees by making them responsible for the security of their own data. This may be effective in some cases. For instance, making the employee rather than the IT team responsible for encrypting data and maintaining safe backups, gives the company the ability to pin-point blame when things go wrong, and may serve as a deterrent. This however, is not always an effective option as it may be the case of locking the barn after the horse has bolted. Moreover, if the rogue insider happens to be a corporate spy, the odds are that such an insider would flee after committing the breach , and would not be too bothered about the exposure.