E-CommerceALERT.com is part of the Bennett Gold LLP web site network.
LINK TO: Bennett Gold LLP, Chartered Professional Accountants, home page.		 LINK TO: E-CommerceALERT.com Home Page.
CLICK to GO BACK to Main Page.

Research and retrieval of news articles by:
Bennett Gold LLP, Chartered Professional Accountants


SPECIAL NOTE TO ALL VISITORS:
Effective December 31 2012, articles are no longer being updated on this web site.
The site is now maintained as an historical archive, covering notable e-commerce news articles from the period 1999 to 2012.


THWARTING INSIDER THREATS

Source: SearchSecurity.com

Posted on June 23, 2005

      The greatest information security threat facing your organization is in your office right now. It has the ability to bypass the physical and logical controls you've put in place to protect the perimeter of your network and has already obtained credentials to access a significant portion of your infrastructure. What is this threat? It's the often underestimated insider threat - the risk that your users will violate the trust you've placed in them to conduct malicious activity on your network.

      What can you do to protect yourself? First, you must understand the nature of the threat. The National Threat Assessment Center of the U.S. Secret Service recently completed an Insider Threat Study in conjunction with the renowned Software Engineering Institute at Carnegie Mellon University. Here are a few interesting facts discovered by the study:

• Most insider events were triggered by a negative event in the workplace.

• Most perpetrators had prior disciplinary issues.

• Most insider events were planned in advance.

• Only 17 percent of the insider events studied involved individuals with administrator access.

• 87 percent of the attacks used very simple user commands that didn't require any advanced knowledge.

• 30 percent of the incidents took place at the home of the insider using remote access to the organization's network.

      These facts are sobering and help put the problem in perspective. Protecting your organization against insider threats requires careful planning and foresight to develop a layered defense that reduces the scope of the risk and mitigates the effects that an incident might have on your network.

      Here are five simple measures you can take to protect your organization against insider attacks:

      1 - Conduct background checks on all new users. In these days of post-9/11 security, many organizations conduct background checks on new hires. However, there are quite a few that don't. Coordinating with your HR department to conduct background verification, reference checks and other pre-employment screening can go a long way toward ensuring that you don't hire the wrong people. It's important to remember that these types of checks should be conducted for all individuals granted a user account, even if they're not directly employed by your organization.

      2 - Monitor employee behavior. Remember that the Secret Service study showed that most perpetrators of insider attacks had prior disciplinary problems. Here's another item to discuss with HR - ensure that procedures are in place to refer troubled employees to appropriate counseling resources and to take additional corrective action when necessary.

      3 - Restrict accounts that access resources remotely. The majority of attacks in the study used some type of remote access mechanism. If you offer VPN or dial-up access to your employees, consider limiting remote access accounts for those with a legitimate business need.

      4 - Restrict the scope of remote access. Don't automatically grant remote access users the same level of privilege that they would have in the office. Limit access to critical resources through remote connections. You'll not only be protecting yourself against the insider threat, but also against the increased risk of malware propagation through a remote access link.

      5 - Enforce the principle of least privilege throughout your infrastructure. Every security professional knows the least privilege mantra. Each user should have the minimum necessary set of permissions required to fulfill his job responsibilities. However, this is a principle that often gets quite a bit of lip service, but very little action. Take the time to conduct an account audit and ensure that changing roles and responsibilities within your organization haven't led to privilege creep.

      These simple measures can go a long way toward helping you protect your organization against the insider risk. Remember, however, that there is no single cure and the most important component of any security program is vigilance!



CLICK to GO BACK to Main Page.

E-Commerce Alerts are issued by Bennett Gold LLP, Chartered Professional Accountants as situations develop. Bookmark this site and check back often. Our e-mail address is: info@BennettGold.ca

In accordance with United States Code, Title 17, Section 107 and Article 10 of The Berne Convention on Literary and Artistic Works, the news clippings on this web site are made available without profit for research and educational purposes.

ALERT
ARCHIVES
Final Entries
2012
2011
2010
2009
2008
2007
2006
2005
2004
2003
2002
2001
2000
1999


LINK TO: Bennett Gold, Chartered Professional Accountants: A Licensed Provider of WebTrust Services.

WebTrust Is Your
Best Defense
Against
Privacy Breaches.

Get WebTrust
Working For
Your Site.