The Insider Threat: Debunking the 'Wagon Wheel' approach to information security

Column

The Insider Threat: Debunking the 'Wagon Wheel' approach to information security

The struggle to balance decreasing resources -- both budgets and personnel -- with the need to protect our infrastructures has resulted in the phenomenon of the "Wagon Wheel" information security posture. By Wagon Wheel, I am referring to the snack that consists of a hard crusty chocolate outside and a soft marshmallow inside. Most of us place or focus all of our control and detection efforts outward facing, ignoring what is originating from the inside -- the all too common threat of insider attacks.

If we take the media and vendor marketing at face value, we would tend to believe that the "biggest" risk to our information systems, networks and data, comes from the "evil" outside

    Requires Free Membership to View

    Login

    SearchSecurity.com members gain immediate and unlimited access to breaking industry news, virus alerts, new hacker threats, highly focused security newsletters, and more -- all at no cost. Join me on SearchSecurity.com today!

    Michael S. Mimoso, Editorial Director

    By submitting your registration information to SearchSecurity.com you agree to receive email communications from TechTarget and TechTarget partners. We encourage you to read our Privacy Policy which contains important disclosures about how we collect and use your registration and other information. If you reside outside of the United States, by submitting this registration information you consent to having your personal data transferred to and processed in the United States. Your use of SearchSecurity.com is governed by our Terms of Use. You may contact us at webmaster@TechTarget.com.

Sound off!
Share your opinion on the insider threat.
attacker. Other so called "research" appears to corroborate the myth of the outsider being the most ominous risk. Despite the fact that most of these surveys suffer from some serious methodological issues, if we look at impact, the insider attacks have a considerably higher cost attached to them, often several magnitudes higher than outsider attacks.

Apart from the impact, what if any evidence exists to opine that the risk from insiders is as great or greater than the outsider? The answers are history, empirical research, human nature, and the changing/changed business and global environment. Insider fraud and abuse have been a business concern long before the Internet and today's computer technology. The financial sector has been plagued by internal theft and fraud since its inception. This has not changed, nor will it change in the foreseeable future. Employee theft, more commonly referred to as "shrinkage," is a cost of doing business for most retail and manufacturing companies. We also cannot forget about IP theft or corporate espionage.

The business culture has drastically changed in the past decade or so. Gone is the nostalgic notion of joining a company upon graduation and working for that same company until

How to build a corporate culture of policy compliance

Policy guru Charles Cresson Wood offers tips for creating a culture of compliance within your organization.

retirement at age 65. Gone also are the assumptions that most workers are an integral part of the company who have a sense of ownership and reciprocal feelings of loyalty between the employer and employee. In today's business environment we are lucky if we work for the same company for five years. In fact, some have referred to the current work force as transient. The end result of this cultural shift is the dissolution of reciprocating loyalty. We find ourselves in a vicious circle as the lack of feelings of loyalty has been positively correlated with deviant and/or criminal insider behavior.

It is extremely important that we are cognizant of the risks to our operations that originate from various sources. When faced with decisions on where to spend those limited resources, we must make informed decisions based on substantiated or at least realistic assumptions of risk The inclination to focus all of our controls on threats from the outside is not a prudent or diligent strategic approach. We must strive to come to a balanced security posture that is sensitive to both the threat from external and internal attackers. In many cases this can be as easy as configuring those external facing controls to monitor the other side of the network traffic as well, namely the inside.

About the author
Marc Rogers is a professor in the Computer Technology Department at Purdue University.