Insider Threat

Insider Threats – More Damaging In Today’s Highly Connected Society

Insider threat —  a problem that evolves and changes, but never goes away

Sam Greengard, a contributing writer to CIO Insight, recently posed the question of how business can prevent insider threats. This is a challenge for most business because they lack the ability to detect or deter them.  In Sam’s article he discusses the evolution of an insider threat going from fear of an employee walking off with a laptop or using a USB drive to steal a limited amount of data, to today’s threat of the insider stealing an entire credit card database or millions of personal records.

Companies that implement procedures to protect their systems and data from outside threats are only doing half the job. Hardly a week goes by without a new report of a security breach that has resulted in massive financial fraud. To that end, I’d like to share two Carnegie Mellon University studies. The first study takes an in-depth look at Insider Threats: Illicit Cyber Activity Involving Fraud in the U.S. Financial Services Sector; and the second study presents a Common Sense Guide to Mitigating Insider Threats.

In summary, criminals who executed a low and slow approach accomplish more damage and escape detection for longer periods of time. Also note, these insiders’ means are not very technical. Some key tips to mitigate insider threats, in addition to implementing strict password and account management polices and practices include:

  • Clearly document and consistently enforce policies and controls
  • Institute periodic security awareness training for all employees
  • Monitor and respond to suspicious or disruptive behavior, beginning with hiring
  • Enforce separation of duties and least privilege
  • Consider insider threats in the software development cycle
  • Use extra caution with system administrators and technical or privileged users
  • Implement system change control
  • Log, monitor, and audit employee online actions
  • Use layered defense against remote attacks

The important lesson is to take insider threats seriously, put appropriate controls in place and to be vigilant.