BreachExchange mailing list archives

How to protect against insider threats while maintaining employee trust


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Wed, 8 Jul 2015 17:30:03 -0600

http://www.information-age.com/technology/security/123459793/how-protect-against-insider-threats-while-maintaining-employee-trust

In January this year, the security director for the Multi-State Lottery
Association in America was arrested after winning the Iowa lottery’s $14.3
million jackpot. The prosecution found that he had employed a complex
system of CCTV manipulation and self-deleting rootkit programmes installed
on a USB device, which he plugged into the number-generating computer.

In an entirely different industry, but with worrying areas of similarity,
just last month a call centre employee of medical billing company Medical
Management stole the data of patients treated in eight hospitals, including
their highly coveted social security numbers, worth around ten times as
much as credit card details on the black market.

Most disturbingly? The employee worked at the centre for just over two
years before being fired due to the criminal investigation.

These disparate examples point to a wider and increasingly common problem –
insider threat. It is worth noting that in both these cases, the data loss
was deliberate and planned, not the kind of inadvertent threat caused by
human error, which also occurs frequently.

Insider threats can often prove much more difficult to forecast, prepare
for and guard against. For example, you could make sure that nobody in your
organisation is accessing non-work related web pages, but how productive
will a work environment be if it contains that level of scrutiny? Insider
threats need to be guarded against, but a balance must also be struck
between security and trust.

The easiest way to deal with this balancing act is to split security – as
is often the case – into looking at both infrastructure and people. This
ensures that more rigorous measures can be implemented without directly
monitoring staff, which is obtrusive.

Fundamentally, people need to be aware of the potential risks associated
with data, but they also need to understand the benefits of properly
safeguarded data.

Software can be dealt with by implementing a variety of different
monitoring methods, ensuring that valuable data does not leave an
organisation’s network without it knowing.

One way that works effectively is to compartmentalise data by giving people
access to only the data they need for their role, reducing the likelihood
of valuable data being taken outside of the network or lost.

Make sure that employees have all of the data they expect and need to do
their job effectively, and then shut off areas that they have no need for,
shielding data across the organisation.

Keeping track of where this data ends up can also alert organisations to
suspicious activities from within, with a popular technique being to
‘whitelist’ machines.

Whitelisting gives organisations control over what devices are able to
download and upload data within their network. Key documents, such as
financial records, can therefore be protected from ever being downloaded
onto USB drives, disks or foreign hard drives, or emailed to computers that
are not on the whitelist.

Instances of lost hardware can also be dealt with by whitelisting machines,
which works in much the same way as blocking a phone once it’s lost or
stolen. Lost a work laptop containing confidential information? Use the
software, and take away its access privileges.

Encrypting data adds a secondary layer to data access, which is highly
recommended in order to provide a high level of security. Data masking
works by concealing vital information when it is taken out of the database
and placed into, for example, a spreadsheet or email.

This masking works by taking a selection of the data that has been defined
already, and randomising or blocking it as it leaves its original location.
Credit cards, salaries and login details can all be randomised or replaced,
for example, by asterisks. This means that even if they make their way out
of the network they are redundant.

It is vital to remember that insider threats encompass both malicious
attacks (data threats) and mistakes by staff. To be properly protected,
organisations need to consider the disgruntled employee looking to
distribute files, as well as the tired employee who accidentally leaves a
laptop on the train.

For these accidental threats, maintaining best practice standards with
regard to handling data will develop the safest business culture. Make
sure that real-world examples of data loss are circulated and discussed.
Emphasising the impact that this can have on individual employees is
absolutely essential.

A huge number of attacks still come from employees inadvertently opening
malware through phishing techniques, so equipping staff with the ability to
detect these risks is another vital component. For every malicious attack,
there are dozens of people inadvertently clicking on harmless-looking links
in their emails.

The theft of trade secrets is rumoured to cost around $250 billion a year,
and this is set to double within the next decade. It is a sad fact that if
somebody wishes to take information out of a network from within, it can be
nigh on impossible to stop this if they don’t mind being caught.

Nevertheless, doing the basics can make a huge difference if a disgruntled
employee decides to damage an organisation from within. Having a procedure
for terminating access and profiles when an employee leaves the company,
for example, is essential, otherwise a back door could be left wide open
and data exposed.

Looking ahead, the overall aim of any organisation should be to stop the
fire from starting, not look to put it out once it has occurred.

Following best practice for data protection through intelligent security
software, coupled with instilling a culture of trust and responsibility,
is the sure-fire way to deal with both sides of potential insider breaches
and keep data under lock and key.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 
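
The data-masking step the article describes (defined fields randomised or replaced by asterisks as they leave the database), as an added example that is not part of the original article or post. The column names, the clear-column allowlist, the choice to leave the last four card digits visible and the sample rows are all assumptions made for illustration.

```python
import csv
import io
import secrets

# Columns allowed to leave the database in clear (constructed policy).
CLEAR_COLUMNS = {"name", "department"}

def asterisks(value, keep_last=0):
    """Replace characters with '*', optionally leaving a short tail visible."""
    keep = keep_last if 0 < keep_last < len(value) else 0
    return "*" * (len(value) - keep) + value[len(value) - keep:]

def randomise_digits(value):
    """Swap each digit for a random one: the format survives, the value does not."""
    return "".join(str(secrets.randbelow(10)) if c.isdigit() else c for c in value)

# Per-column treatment; any column listed nowhere is fully blocked (fail closed),
# so a sensitive column added to the table later does not leak by default.
COLUMN_MASKERS = {
    "card_number": lambda v: asterisks(v, keep_last=4),
    "salary": randomise_digits,
}

def mask_row(row):
    """Return a copy of one record, masked for export."""
    masked = {}
    for column, value in row.items():
        if column in CLEAR_COLUMNS:
            masked[column] = value
        else:
            masked[column] = COLUMN_MASKERS.get(column, asterisks)(value)
    return masked

def export_csv(rows):
    """Mask records at the point they leave the data store, then serialise as CSV."""
    rows = list(rows)
    if not rows:
        return ""
    out = io.StringIO()
    writer = csv.DictWriter(out, fieldnames=list(rows[0]), lineterminator="\n")
    writer.writeheader()
    writer.writerows(mask_row(r) for r in rows)
    return out.getvalue()

# Constructed sample records, not real data.
SAMPLE_ROWS = [
    {"name": "A. Example", "department": "Billing", "card_number": "4111111111111111",
     "salary": "52000", "login_password": "s3cr3t-hash"},
]

if __name__ == "__main__":
    print(export_csv(SAMPLE_ROWS))
```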
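
A periodic access audit covering two of the article's points, role-based compartmentalisation and terminating access when an employee leaves, as an added example that is not part of the original article or post. The role names, dataset names, account names and dates are constructed, and the input shapes stand in for an HR export and a permissions export.

```python
from datetime import date

# Constructed role entitlements: the datasets each role needs for the job.
ROLE_DATASETS = {
    "billing_agent": {"invoices", "patient_contact"},
    "finance_analyst": {"invoices", "financial_records"},
}

def audit_access(employees, grants, today):
    """Compare actual grants with role entitlements and HR leaver dates.

    employees: {user: {"role": str, "left_on": date or None}}  (HR export)
    grants:    {user: set of datasets the account can currently read}
    Returns a sorted list of (user, finding, detail) tuples.
    """
    findings = []
    for user, datasets in grants.items():
        record = employees.get(user)
        if record is None:
            # Account with no matching employee: orphaned or shared login.
            findings.append((user, "no_hr_record", ",".join(sorted(datasets))))
            continue
        left_on = record["left_on"]
        if left_on is not None and left_on <= today:
            # Offboarding did not remove access.
            findings.append((user, "leaver_still_has_access", left_on.isoformat()))
            continue
        excess = datasets - ROLE_DATASETS.get(record["role"], set())
        if excess:
            # Access wider than the role requires.
            findings.append((user, "access_beyond_role", ",".join(sorted(excess))))
    return sorted(findings)

# Constructed sample inputs.
EMPLOYEES = {
    "asmith": {"role": "billing_agent", "left_on": None},
    "bjones": {"role": "finance_analyst", "left_on": date(2015, 6, 30)},
    "cwu": {"role": "billing_agent", "left_on": None},
}
GRANTS = {
    "asmith": {"invoices", "patient_contact"},
    "bjones": {"invoices", "financial_records"},
    "cwu": {"invoices", "financial_records"},
    "svc_old": {"patient_contact"},
}

if __name__ == "__main__":
    for finding in audit_access(EMPLOYEES, GRANTS, date(2015, 7, 8)):
        print(finding)
```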
