Keep your enemies close and your employees closer
Created: 23 Oct 2009 | 1 comment
Information security was, for many years, focused on protecting against external threats and attacks. While those threats still remain, a new and more insidious threat has emerged – the malicious insider. With a down economy, we’ve seen more employees stealing confidential information from their mostly unsuspecting employers to reap personal gains.
We see these events all the time. Anecdotes of breaches by malicious insiders illustrate the nature of the threat and expose weaknesses in information security programs. One such insider worked at a healthcare company and used her access to patient databases to create counterfeit prescriptions for controlled substances. She turned around and sold those prescription drugs for a hefty profit. She was caught after the damage was done, and is now facing prosecution.
Temporary employees pose risks as well. A temporary employee at a telecommunications company stole personal information on thousands of employees to apply for online “payday” loans in excess of $70,000. Again, she was caught too late – after employee identities were stolen and credit ratings destroyed. She’s now facing 20 years in prison and a fine of $250,000.
What can companies do to protect against these malicious insiders? First, they need to ensure that their policies and processes around employee access to sensitive data are appropriate for the employee’s position and are enforced and regularly reviewed. It seems obvious that contractors shouldn’t have the same access to the same systems and data as a developer, but some companies miss the point.
A market-leading data loss prevention (DLP) solution that offers protection at the endpoint, network and storage levels can also help. DLP can help a company clean up “spills” of confidential information inside the organization – from real customer data that is being used on an unsecured QA server to sensitive financial details that are saved to the laptops of a whole team. Once the confidential information is identified, a company can prioritize remediation to contain the risk of breach. They can leverage DLP to enforce policies that ensure that only certain people can access that information and that it isn’t downloaded, emailed or saved to a USB drive in ways that put it at risk of being compromised.
Malicious insiders are a problem that is not going away. The good news is that these are often crimes of passion in which employees are lashing out against their current (or former) employer. This emotion leads to sloppiness and we see that employees don’t often try to cover their tracks. With the right tools in place, companies can now defend their confidential information against these thieves.
Comments
Which problem are you solving?
Everywhere I've gone lately, I've seen more surveys balancing the image of the malicious insider. While we've realized that direct, external hacker attacks are often not the biggest risk, the pendulum has now finally started retreating from the "all insiders are risks"-extreme and is swinging back. Hopefully we'll end up somewhere in the middle...
But even in the blogpost above, opportunity and disgruntlement are pointed to as top causes of insider incidents.
So why not try to fix that then?
Give me a better system for segregation of duties or separation of privileges. Enable workers to do their jobs as they are supposed to.
Information is going to be all over the place anyway, we don't need DLP to tell us that, and any DLP system can only control what it knows, it suffers under the principle of GIGO as much as anything else.
Stop adding band-aids. Fix the core problems instead.