
How to identify and thwart insider threats

David Geer | Oct. 2, 2015
It is often cited that an enterprise’s employees are its biggest vulnerability. What are companies doing about it? In a significant number of cases, companies are perhaps doing nothing.


According to the SANS Institute and SpectorSoft, 74 percent of the 772 IT security professionals they recently surveyed are “concerned about malicious employees.” The survey pool spans 10 industries including financial, government, and technology and IT services. The survey data also shows that 32 percent of respondents “have no technology or process in place to prevent an insider attack.”

Clearly there is an overlap between the professionals who gave each response. With more than 25 percent of survey respondents employed at organizations with a workforce greater than 20,000 people, large enterprises are represented in this data.

It’s time to drill down into the personalities and penchants of these living information security vulnerabilities. According to insider threat detection firm SpectorSoft, insiders whose behavior purposely or inadvertently threatens the enterprise and its data fit several archetypes, each with clear profiles, behaviors, intentions, and associated threats. CSO explores insights into insiders such as moles, imposters, disgruntled employees, hacktivists, ringleaders and those who feel entitled, together with how companies can ‘pause’ and ‘delete’ them.

Not me!

The answer to the question of why some companies would have no special protection against insider threats is an easy one: the leaders and managers who make those decisions are people too, and are given to naturally positive human assumptions and ignorance. “Some organizations maintain a ‘not in my backyard’ mindset, stemming partially from culture (‘we hire great, trustworthy people so we won’t have a problem’) and partially from the lack of a known incident (‘we’ve never had an insider attack so we must be doing OK’),” explains Mikey Tierney, COO, SpectorSoft. Ultimately, the organization cannot foretell what any employee will do or become once they are part of the family, so to speak.

A closer look at the archetypes of people who are threats, as described by SpectorSoft, will reveal what drives them. A mole is someone who really works for someone else: perhaps another company, but really any entity with a cause in opposition to the target company. According to SpectorSoft, a mole often has science and engineering skills, holds a position creating intellectual property, and has access to critical data, which they will attempt to pilfer.

An imposter is actually an outsider with insider credentials: an attacker or a former employee. They target those and other credentials and accounts to steal or breach data and intellectual property. The disgruntled employee is out for revenge, seeking justice for real or imagined wrongs by the company. According to SpectorSoft, this employee is easier to detect than other malicious actors, and the enterprise should isolate them before they sabotage, steal, breach, or defraud the organization.

 
