Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Insider threats and how they can be mitigated

Grant Hatchimonji | Oct. 16, 2013
Vormetric report identifies widespread concerns and how they can be addressed

"There are tools that blind operators to sensitive information," said Cates. "Businesses have ways to never expose certain employees to the information in their systems."

Surprisingly, however, the very employees who should be trusted to manage these systems and protect the data within them are the ones that present the most risk. The report indicated that 34 percent of security professionals said that IT administrators were one of the biggest threats to their organizations. That said, it's not always an individual or an actual person that presents the risk, said Cates. The inherent risk is their privilege.

"You can watch what [IT administrators] are doing, but they get to make these decisions," said Cates. "They authenticate, oversee data flow, and determine what apps your company is interacting with."

So from a control perspective, businesses need to determine, can they or do they need to look at sensitive information in order to do their jobs? One possible solution here, said Cates, is to audit what your IT administrators are trying to do.

"It's important to understand what they're doing with your info, because they're the ones protecting it," said Cates. "You need to manage the privilege, not the user."

It would appear that that's what many businesses are trying to do. The survey results indicated that 31 percent of respondents rated "network security tools" as the most important protection against insider attacks. Kessler explained that this could include anything from firewalls to intrusion detection/protection services (IDS/IPS) to network-based malware detection solutions. This is, of course, because a lot of the time malware is targeting specific users based on their privileges.

Kessler agreed that the gatekeepers and their privileges need to be monitored, using the postal service as a metaphor. They manage and deliver your mail, but they have no right or need to see what's inside. "Here, it's the same thing," he said. "We're limiting their ability to see data but still allowing them to do their job."

Employees aren't always in the office though, so what about insiders who find themselves frequently working on the road? The use of mobile devices and connecting to company networks from remote locations pose inherent risks, both of which were addressed in the report. To put the concern into perspective, 49 percent and 41 percent of respondents said that their organizations' data was most vulnerable on a desktop/laptop or mobile device, respectively.

Cates went beyond the statistic, however, and clarified what the numbers meant by reading between the lines. Unless companies have enabled special privileges on these devices, he said, they are nothing more than vectors to information. So the real risk isn't localized, but there is still concern about where they could lead.

 

Previous Page  1  2  3  Next Page 

Sign up for CIO Asia eNewsletters.