
Fighting the insider threat

In order to defend against today's threats, organisations need to be aware of what is happening inside their networks, and their organisations - and when. A dangerous, yet underestimated threat could well be sitting in your company as we speak.

"Members of your staff have legitimate login details to access your network, and might even be able to bypass your security controls," says John Mc Loughlin, MD of J2 Software. "While spending on malware detection and antivirus is necessary, these solutions are only effective in the fight against botnets and drive-by downloads; they can do nothing to fight a malicious or careless insider."

He says the first step is to control the information that is already inside the organisation. "Businesses must have policies and guidelines in place to manage who has access to what information."

He adds that staff must be educated on these policies in order to defend against the damage or theft that can be caused by insiders, whether inadvertently or deliberately. "Companies should hold all staff responsible for detecting and reporting not only behaviour but technical signs that indicate an employee is deviating from these policies."

Access control and education are of top importance here. "No-one should be able to access anything that is not strictly necessary for them to do their jobs. In addition, all sensitive information that is not in use should be encrypted," Mc Loughlin says. "In terms of education, policies that make employees accountable for their data are key, and a list of what is acceptable and what is not can also help – a list of Do's and Don'ts can be most effective here. In addition, staff who do not have admin access must have their access to information tightly controlled, by enforcing strict need-to-know, least privilege, and separation-of-duties policies."

Need-to-know and least privilege go hand-in-hand, he explains. The former limits the information a particular employee has access to, to what they strictly need in order to fulfil their role. The latter controls and manages what that employee can do with, or changes he can make to, that information.

"In this way, he may be able to view sensitive information, but would be unable to delete or alter the data." Separation of duties adds a crucial security layer, as it stops an individual from completing all tasks that are associated with a critical process. "This will prevent, for example, a disgruntled developer from sneaking malware into a production environment," Mc Loughlin says.
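The three controls described above can be expressed as an explicit policy check. The following is an added example written for this article, not code from J2 Software; the roles, resources and user names are constructed. It applies need-to-know (a role is only listed for the resources it requires), least privilege (the payroll analyst may read but not update or delete) and separation of duties (the same person may not hold both "commit to source" and "deploy to production"), with default deny for anything not explicitly granted.

```python
"""Toy access-control check for need-to-know, least privilege and
separation of duties. Added example; all roles, resources and users are
constructed for illustration."""
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, List, Set, Tuple

# Permissions each role holds per resource.
# Need-to-know: a role appears only for the resources its job requires.
# Least privilege: the action set is the smallest that still does the job.
ROLE_PERMISSIONS: Dict[str, Dict[str, FrozenSet[str]]] = {
    "payroll_analyst": {"payroll": frozenset({"read"})},
    "payroll_admin":   {"payroll": frozenset({"read", "update", "delete"})},
    "developer":       {"app_source": frozenset({"read", "commit"})},
    "release_manager": {"production": frozenset({"deploy"})},
}

# Separation of duties: sets of (resource, action) that one person must not
# hold together, e.g. writing code and pushing it into production.
SOD_CONFLICTS: Set[FrozenSet[Tuple[str, str]]] = {
    frozenset({("app_source", "commit"), ("production", "deploy")}),
}


@dataclass
class User:
    name: str
    roles: Set[str] = field(default_factory=set)


def effective_permissions(user: User) -> Dict[str, Set[str]]:
    """Union of the (resource -> actions) grants of all the user's roles."""
    perms: Dict[str, Set[str]] = {}
    for role in user.roles:
        for resource, actions in ROLE_PERMISSIONS.get(role, {}).items():
            perms.setdefault(resource, set()).update(actions)
    return perms


def is_allowed(user: User, resource: str, action: str) -> bool:
    """Default deny: only an explicitly granted (resource, action) pair passes."""
    return action in effective_permissions(user).get(resource, set())


def sod_violations(user: User) -> List[List[Tuple[str, str]]]:
    """Return every conflicting set the user currently holds in full."""
    held = {(r, a) for r, acts in effective_permissions(user).items() for a in acts}
    return [sorted(c) for c in SOD_CONFLICTS if c <= held]


def assign_role(user: User, role: str) -> bool:
    """Grant a role only if doing so creates no separation-of-duties conflict."""
    trial = User(user.name, set(user.roles) | {role})
    if sod_violations(trial):
        return False
    user.roles.add(role)
    return True


if __name__ == "__main__":
    alice = User("alice", {"payroll_analyst"})
    print(is_allowed(alice, "payroll", "read"))    # True: needs it for the job
    print(is_allowed(alice, "payroll", "delete"))  # False: least privilege
    bob = User("bob", {"developer"})
    print(assign_role(bob, "release_manager"))     # False: SoD conflict
```

Because the check is default deny, adding a new resource or action grants nobody anything until a role is explicitly updated, which is the behaviour an access review wants to see.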

Once the business has a handle on what its employees can access and alter in terms of the data, it must now move on to controlling the movement of any critical information.

"This is where data leakage prevention (DLP) comes in. Data protection is of paramount importance to businesses of all sizes, and most companies have either experienced data loss, or feared that they were about to. DLP solutions are not only used to protect data, but as a business process for managing risk across the organisation."

He says DLP solutions are designed to detect potential data breach or data exfiltration attempts through monitoring, detecting and blocking sensitive data. "Ideally, DLP should monitor how sensitive information is being used, and where it is going to. This will identify high-risk users, and if any business processes are not working as they should."

DLP should also enforce data loss policies, which will help stop data leaks by securing any exposed data.
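To make the monitor/detect/block cycle and the "identify high-risk users" point concrete, here is an added example that is not part of the article or of any J2 Software product. It scans a constructed set of outbound transfer events for three kinds of sensitive content (a classification marking, Luhn-valid payment card numbers and 13-digit identifiers), allows, alerts on or blocks each event depending on where the data is going, and then ranks users by the number of blocked transfers. The event format, rules, internal domain and threshold are all assumptions.

```python
"""Toy DLP monitor over constructed outbound events. Added example; the
event format, detection rules and thresholds are assumptions."""
import re
from collections import Counter
from typing import Dict, List, Tuple

# Constructed sample of outbound events (user, channel, destination, content).
SAMPLE_EVENTS: List[Dict[str, str]] = [
    {"user": "alice", "channel": "email", "dest": "partner.example", "content": "Q3 roadmap draft"},
    {"user": "bob",   "channel": "email", "dest": "gmail.example",   "content": "CONFIDENTIAL payroll export attached"},
    {"user": "bob",   "channel": "usb",   "dest": "removable",       "content": "card 4111 1111 1111 1111 list"},
    {"user": "carol", "channel": "email", "dest": "corp.example",    "content": "CONFIDENTIAL board minutes"},
    {"user": "bob",   "channel": "web",   "dest": "paste.example",   "content": "staff IDs 8001015009087 and 9002025009088"},
]

# Detection rules: label and pattern. The card pattern is confirmed with Luhn
# so that random 16-digit strings do not trigger it.
RULES: List[Tuple[str, "re.Pattern[str]"]] = [
    ("classification_marking", re.compile(r"\bCONFIDENTIAL\b")),
    ("payment_card", re.compile(r"\b(?:\d{4}[ -]?){3}\d{4}\b")),
    ("national_id", re.compile(r"\b\d{13}\b")),
]
INTERNAL_DOMAINS = {"corp.example"}   # destinations treated as inside the business
HIGH_RISK_THRESHOLD = 2               # blocked transfers before a user is flagged


def luhn_ok(digits: str) -> bool:
    """Luhn checksum used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def classify(event: Dict[str, str]) -> List[str]:
    """Labels of every rule that matches the event's content (one per rule)."""
    hits = []
    for label, rx in RULES:
        for m in rx.finditer(event["content"]):
            if label == "payment_card" and not luhn_ok(re.sub(r"\D", "", m.group())):
                continue  # looks like a card number but fails the checksum
            hits.append(label)
            break
    return hits


def decide(event: Dict[str, str]) -> str:
    """Policy: 'allow' clean traffic, 'alert' on sensitive data that stays
    internal (log it, do not stop work), 'block' sensitive data leaving."""
    if not classify(event):
        return "allow"
    if event["dest"] in INTERNAL_DOMAINS:
        return "alert"
    return "block"


def run(events: List[Dict[str, str]]):
    """Return per-event decisions and the users at or above the risk threshold."""
    decisions = [(e["user"], decide(e), classify(e)) for e in events]
    blocked = Counter(u for u, d, _ in decisions if d == "block")
    high_risk = sorted(u for u, n in blocked.items() if n >= HIGH_RISK_THRESHOLD)
    return decisions, high_risk


if __name__ == "__main__":
    for user, verdict, labels in run(SAMPLE_EVENTS)[0]:
        print(f"{user:6} {verdict:6} {labels}")
    print("high-risk users:", run(SAMPLE_EVENTS)[1])
```

The alert path matters as much as the block path: a transfer of marked data to an internal address is the kind of event that reveals a business process not working as it should, without blocking legitimate work.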
