Insider Threats Often Overlooked in Data Security

The following was published in yesterday’s Foster’s and Seacoast Sunday.

But what about insider threats? Has that even been a topic of discussion? If not, it really should be, and here’s why.

As mentioned, most security conversations focus on hardware and software tools that protect the company network against attempts by hackers to penetrate it. It has also been quite common to focus on phishing attacks, those social engineering emails that look legitimate but are not. They are designed to trick the recipient into clicking a link or opening an attachment that will infect the system with malicious code, allowing the hacker to circumvent the layers of security.

Insider threats are too often overlooked, whether they are intentional or unintentional. Most insider security risks center around the data stored on the company network. Employees need access to the data required to do their job. That access is a threat because computer users are often granted more access than they need to do their work. In those cases, a person could come upon data that may have value to them in a malicious sense.

Many insider threats are motivated by financial gain, so when an employee comes across data they may be able to use for their own personal gain, there is a real risk. While the incidence of this is still relatively low overall, it is a threat and needs to be considered. No one likes to be overly paranoid and looking over the shoulders of others, but an appropriate level of suspicion and prevention is a prudent business practice.

One of the more common forms of insider threat is data leakage. This is when data leaves the company without authorization or knowledge. In many cases, this may be completely innocent, yet it exposes the company to data loss. Too many people use file sharing services not approved or monitored by the company, allowing users inside the network to copy data to an external source where it could be obtained by unintended parties. When this type of leak occurs, it is often because the person inside the company is simply trying to easily share data with someone outside the company. If this sounds familiar, it’s probably because of how common it is. This is why more and more organizations are controlling what data can be copied outside the corporate network and what tools may be used to securely share information with specific people.

The other common internal threat is removable media like USB drives. It’s very easy for most computer users to insert a USB drive and copy data from the network to it. Few companies employ policies to prevent unknown devices from being plugged into network computers. Even fewer have policies in place to prevent data from being copied to or from these devices. This is a very common way for data to leave a company without knowledge or authorization.

When thinking about threats, both internal and external, you want to think about how data enters your network, how it leaves your network, and how it is accessed and moved within your network. It is also important to understand where your data resides on the network and who has access rights to what information.

Once you understand these important elements of data integrity, you can begin to design and apply appropriate policies to ensure the safety of this data. Auditing is another consideration. At a minimum, data classified as the intellectual property of the company should have appropriate auditing controls applied, so you know who has accessed that data, when, and what they have done with it.

Data integrity and safety is a complex matter that involves far more than just installing a firewall and antivirus software on your network. Hopefully, this information will help you think about your business practices and make any necessary changes to protect your organization from threats, inside and out.