Thwarting insider threats


Mike Chapple, CISSP


What you will learn from this tip: Five simple measures you can take to protect your organization from insider attacks.
The greatest information security threat facing your organization is in your office right now. It has the ability to bypass the physical and logical controls you've put in place to protect the perimeter of your network and has already obtained credentials to access a significant portion of your infrastructure. What is this threat? It's the often underestimated insider threat -- the risk that your users will violate the trust you've placed in them to conduct malicious activity on your network.

What can you do to protect yourself? First, you must understand the nature of the threat. The National Threat Assessment Center of the U.S. Secret Service recently completed an Insider Threat Study in conjunction with the renowned Software Engineering Institute at Carnegie Mellon University. Here are a few interesting facts discovered by the study:

  • Most insider events were triggered by a negative event in the workplace
  • Most perpetrators had prior disciplinary issues
  • Most insider events were planned in advance
  • Only 17% of the insider events studied involved individuals with administrator access
  • 87% of the attacks used very simple user commands that didn't require any advanced knowledge
  • 30% of the incidents took place at the home of the insider using remote access to the organization's network

These facts are sobering and help put the problem in perspective. Protecting your organization against insider threats requires careful planning and foresight to develop a layered defense that reduces the scope of the risk and mitigates the effects that an incident might have on your network. Here are five simple measures you can take to protect your organization against insider attacks:

  1. Conduct background checks on all new users. In these days of post-9/11 security, many organizations conduct background checks on new hires. However, there are quite a few that don't. Coordinating with your HR department to conduct background verification, reference checks and other pre-employment screening can go a long way toward ensuring that you don't hire the wrong people. It's important to remember that these types of checks should be conducted for all individuals granted a user account, even if they're not directly employed by your organization.

  2. Monitor employee behavior. Remember that the Secret Service study showed that most perpetrators of insider attacks had prior disciplinary problems. Here's another item to discuss with HR -- ensure that procedures are in place to refer troubled employees to appropriate counseling resources and to take additional corrective action when necessary.

  3. Restrict accounts that access resources remotely. The majority of attacks in the study used some type of remote access mechanism. If you offer VPN or dial-up access to your employees, consider limiting remote access accounts to those with a legitimate business need.

  4. Restrict the scope of remote access. Don't automatically grant remote access users the same level of privilege that they would have in the office. Limit access to critical resources through remote connections. You'll not only be protecting yourself against the insider threat, but also against the increased risk of malware propagation through a remote access link.

  5. Enforce the principle of least privilege throughout your infrastructure. Every security professional knows the least privilege mantra. Each user should have the minimum necessary set of permissions required to fulfill his job responsibilities. However, this is a principle that often gets quite a bit of lip service, but very little action. Take the time to conduct an account audit and ensure that changing roles and responsibilities within your organization haven't led to privilege creep.
These simple measures can go a long way toward helping you protect your organization against the insider risk. Remember, however, that there is no single cure and the most important component of any security program is vigilance!
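
An account audit of the kind described in measures 3, 4 and 5 can be scripted against an export of accounts and their permissions. The sketch below is an added example, not part of the original tip; the role baseline, permission names, the "remote_need" flag and the sample accounts are all constructed assumptions.

```python
# Added example: entitlement audit covering measures 3, 4 and 5.
# Roles, permissions and accounts are constructed sample data.
ROLE_BASELINE = {  # minimum permissions each role needs (assumed policy)
    "accounting": {"erp:read", "erp:post-journal"},
    "helpdesk": {"ad:reset-password", "tickets:write"},
    "developer": {"git:write", "ci:run"},
}
REMOTE = "vpn:connect"            # hypothetical remote access entitlement
CRITICAL = {"erp:post-journal"}   # resources that should stay office-only

ACCOUNTS = [  # constructed export from a directory or IAM system
    {"user": "alice", "role": "accounting", "remote_need": False,
     "perms": {"erp:read", "erp:post-journal"}},
    # bob moved from development to the help desk and kept his old rights
    {"user": "bob", "role": "helpdesk", "remote_need": False,
     "perms": {"ad:reset-password", "tickets:write", "git:write", REMOTE}},
    {"user": "carol", "role": "accounting", "remote_need": True,
     "perms": {"erp:read", "erp:post-journal", REMOTE}},
    {"user": "dave", "role": "vendor", "remote_need": False,
     "perms": {"erp:read"}},
]

def audit(accounts, baseline=ROLE_BASELINE, remote=REMOTE, critical=CRITICAL):
    """Return sorted (user, finding, detail) tuples for accounts that break policy."""
    findings = []
    for acct in accounts:
        user, perms = acct["user"], set(acct["perms"])
        allowed = baseline.get(acct["role"])
        if allowed is None:
            # No baseline means nobody decided what this account should have.
            findings.append((user, "no-role-baseline", acct["role"]))
            continue
        # Measure 5: anything beyond the role baseline is privilege creep.
        for extra in sorted(perms - allowed - {remote}):
            findings.append((user, "privilege-creep", extra))
        if remote in perms:
            if not acct["remote_need"]:
                # Measure 3: remote access without a documented business need.
                findings.append((user, "remote-without-need", remote))
            # Measure 4: remote users should not reach critical resources.
            for perm in sorted(perms & critical):
                findings.append((user, "critical-via-remote", perm))
    return sorted(findings)

if __name__ == "__main__":
    for user, finding, detail in audit(ACCOUNTS):
        print(f"{user:6} {finding:20} {detail}")
```

Accounts with no role baseline, such as a vendor or contractor login, are reported rather than skipped, since nobody has yet decided what they should be allowed to do.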
About the author
Mike Chapple, CISSP is an IT Security Professional with the University of Notre Dame. He previously served as an information security researcher with the National Security Agency and the U.S. Air Force. Mike is a frequent contributor to SearchSecurity, a technical editor for Information Security magazine and the author of several information security titles including the CISSP Prep Guide and Information Security Illuminated.

All Rights Reserved, Copyright 2003 - 2010, TechTarget | Read our Privacy Policy