Worms! Viruses! Spyware! Mass media coverage (hysterics?) about external security threats has caused many of us to temporarily forget the most important rule-of-thumb about security: that 80% of the threat to any organization comes from inside. Trusted employees, IT staff, contractors and outsourcers all have access to critical systems and are inside the primary lines of organizational defense. Whether the primary security concern is data integrity, financial compliance, or privacy protection, administrators must ensure that the insider threat is understood and contained.
Most organizations deal with insider threats by defining application roles, restricting access to data, and enforcing strict audit rules. But they often forget their computer administrators. IT administrators are granted great powers over servers, Active Directory and applications as part of their jobs. Until recently, no solution existed to limit this power apart from partial measures such as logs, and administrators have by definition been able to evade those measures.
This paper is divided into two sections. First, Dr. Eric Cole discusses the business issues around insiders and in particular IT administrators in depth. Second, NetIQ experts have worked together to show you how to build a comprehensive management system to reduce and eliminate many of those issues. By reading this paper you'll be able to identify the key business processes in your organization that must be secured and be ready to build a solution to contain the insider threat.
The Importance of Understanding the Insider Threat by Dr. Eric Cole
Organizations tend to think that once they hire an employee or a contractor, that person is now part of a trusted group of people. Although an organization might give an employee additional access that an ordinary person would not have, why should they trust that person? Many organizations perform no background checks and no reference checks; as long as the hiring manager likes a candidate, they will hire that person. Many people might not be who you think they are, and not properly validating them can be an expensive, if not a fatal, mistake. Because many organizations, in essence, hire complete strangers who are really unknown entities and give them access to sensitive data, the insider threat is something that all organizations must worry about.
If a competitor or similar entity wants to cause damage to your organization, steal critical secrets, or put you out of business, they just have to find a job opening, prep someone to ace the interview, have that person get hired, and they are in. The fact that it is that easy should scare you. Many companies have jobs open for several weeks and it could take a couple of weeks to set up an interview. That gives a competitor focused on your company a four-week period to prep someone to ace an interview. This is what foreign governments do when they plant a spy against the U.S. They know that a key criterion for that person is passing the polygraph, so they will put that person through intensive training so that he or she can pass the polygraph with no problem. This points out a key disadvantage that organizations have. The attacker knows what process you are going to follow to hire someone and all they have to do is prep someone so they ace that part of the process.
Insider threat is occurring all the time, but since it is happening within a company, it is a private attack. Public attacks like defacing a Web site are hard for a company to deny. Private attacks are much easier to conceal.
Because these attacks are being perpetrated by trusted insiders, you need to understand the damage they can cause; how to build proper measures to prevent the attack; how to minimize the damage; and, at a minimum, how to detect the attacks in a timely manner. Many of the measures companies deploy today are ineffective against the insider. When companies talk about security and securing their enterprise, they are concerned with the external attack, forgetting about the damage that an insider can cause.