The struggle to balance decreasing resources -- both budgets and personnel -- with the need to protect our infrastructures has resulted in the phenomenon of the "Wagon Wheel" information security posture. By Wagon Wheel, I am referring to the snack that consists of a hard crusty chocolate outside and a soft marshmallow inside. Most of us place or focus all of our control and detection efforts outward facing, ignoring what is originating from the inside -- the all too common threat of insider attacks.
If we take the media and vendor marketing at face value, we would tend to believe that the "biggest" risk to our information systems, networks and data, comes from the "evil" outside
Apart from the impact, what if any evidence exists to opine that the risk from insiders is as great or greater than the outsider? The answers are history, empirical research, human nature, and the changing/changed business and global environment. Insider fraud and abuse have been a business concern long before the Internet and today's computer technology. The financial sector has been plagued by internal theft and fraud since its inception. This has not changed, nor will it change in the foreseeable future. Employee theft, more commonly referred to as "shrinkage," is a cost of doing business for most retail and manufacturing companies. We also cannot forget about IP theft or corporate espionage.
The business culture has drastically changed in the past decade or so. Gone is the nostalgic notion of joining a company upon graduation and working for that same company until
It is extremely important that we are cognizant of the risks to our operations that originate from various sources. When faced with decisions on where to spend those limited resources, we must make informed decisions based on substantiated or at least realistic assumptions of risk The inclination to focus all of our controls on threats from the outside is not a prudent or diligent strategic approach. We must strive to come to a balanced security posture that is sensitive to both the threat from external and internal attackers. In many cases this can be as easy as configuring those external facing controls to monitor the other side of the network traffic as well, namely the inside.
About the author
Marc Rogers is a professor in the Computer Technology Department at Purdue University.