Billions of dollars have been spent over the last few decades on information security in order to “keep the bad guys out,” but with data leaks, laptops left on trains and stolen files, it is clear that companies also face an internal risk. This is as true of factory environments as it is of other organisations. John Mutch, CEO of BeyondTrust, talks about securing your company by spotting the insider threat.

This isn’t about lack of trust: humans are not infallible. While some breaches are caused by individuals or gangs with malicious intent, the risk is just as great from accidental breaches, or those caused indirectly, for instance via hackers impersonating an employee’s identity.

The situation is exacerbated by the increasing complexity and distributed nature of IT systems, which create more potential points of weakness. This is the case in factory environments which typically have high volumes of technology-centric systems, devices and processes.

Furthermore, organisations have a tendency to give individuals unnecessary levels of information access. A recent global survey found that more than 60 per cent of ‘privileged’ users access data out of curiosity, not as an essential part of their job function.

Spotting the insider threat

While the insider threat is a very real one, it can largely be avoided, with the right combination of technology, processes and policies. It also helps to understand the kind of personalities that may maliciously or inadvertently cause a problem. For instance, one category is disgruntled employees, who may feel ‘hard done by’: perhaps they have been passed over for a promotion or know that they are likely to be in the next round of redundancies.

Here are two real-life examples: a former Goldman Sachs programmer, Sergey Aleynikov was convicted and received a sentence of eight years for stealing proprietary software source code as he was leaving the company in order to sell those assets to the competition for about $1.2 million.

In April 2011, a former network security engineer at Gucci America was indicted on charges that he illegally accessed the company’s network and deleted documents shortly after he was fired, costing Gucci nearly $200,000 in damages.

At the other end of the spectrum are the employees who may have the best intentions but can accidentally be the root cause of major problems. Devastating breaches can stem from innocuous actions such as giving away passwords (either loaning credentials to a colleague, or scribbling them on a sticky note in full view of anyone passing the desk), downloading unauthorised applications or tools that bring in malware, or through email errors. For instance, several years ago, one of the largest banks sent out an email to customers that, due to an internal operator error, exposed recipients’ email addresses to everyone on the list.

Last but not least is the risk from an individual that does not work for the organisation at all, but who has managed to gain remote access to secure information, by impersonating a legitimate internal user. Cyber attacks carried out by sophisticated hackers will increase, unless organisations take action.

Barriers not walls

So, what can be done? The first thing to understand is that the aim should be to create barriers, not walls. Organisations need to implement privilege management, taking the ‘Goldilocks’ approach (not too much privilege, not too little, but ‘just right’).

Companies should also investigate what tools specifically designed for managing privilege and preventing data leaks are available.

Such systems cover monitoring and alerts, reporting, and management tools that work through web- and code-based interfaces to centrally control requested network tasks. These tasks are then deployed across all end points: cloud, virtual, servers, databases, desktops, and mobile. The latest data loss protection innovations mean that organisations can even prevent employees or contractors from copying precious data onto USB sticks, embedding it in email or even printing out copies.

Best practice

There are also some very simple best practices that companies can adopt, including forbidding desktop users from operating as ‘administrators’ on their machines. Companies often make this mistake, thinking that granting admin rights saves hundreds or thousands of calls to the IT helpdesk, but this is a false economy: when individuals are allowed to operate as a local admin, organisations are opened up to serious security threats.

Another example is to stop bypassing logging. However tempting this is, without this system of checks and balances, companies cannot have granular control over what is going on, let alone work out what the root cause was when something goes wrong. For the more tech-savvy among readers, use of Microsoft UAC is not enough on its own, because it does not eliminate admin rights altogether and can leave a gaping hole in protection plans.
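The two points above (no local admin rights for desktop users, and UAC being no substitute for actually removing them) can be checked directly on a Windows machine. The script below is an added example, not code from the article or from BeyondTrust: it lists every member of the local Administrators group, flags any principal that is not on an allow-list, and reports the UAC registry settings so the two controls can be compared side by side. The allow-list entries (`CONTOSO\Desktop-Admins`) are hypothetical placeholders; replace them with the groups your policy actually permits. It uses the built-in `Microsoft.PowerShell.LocalAccounts` cmdlets (Windows 10 / Server 2016 onwards) and needs an elevated session.

```powershell
# Added example (not from the article or BeyondTrust): audit local admin rights
# and UAC state on a Windows desktop. Run from an elevated PowerShell 5.1+ session.

function Get-LocalAdminReport {
    param(
        # Hypothetical allow-list: principals that are permitted to hold local admin.
        # The built-in Administrator account (RID 500) is matched separately by SID.
        [string[]]$AllowedPrincipals = @('CONTOSO\Desktop-Admins')
    )

    foreach ($member in Get-LocalGroupMember -Group 'Administrators') {
        $isBuiltInAdmin = $member.SID.Value -like '*-500'
        $isAllowed      = $isBuiltInAdmin -or ($AllowedPrincipals -contains $member.Name)

        [pscustomobject]@{
            Name    = $member.Name
            Type    = $member.ObjectClass      # 'User' or 'Group'
            Source  = $member.PrincipalSource  # Local, ActiveDirectory, MicrosoftAccount, ...
            Allowed = $isAllowed
        }
    }
}

function Get-UacState {
    # UAC policy values live under this key; EnableLUA=0 means UAC is off entirely,
    # ConsentPromptBehaviorAdmin=0 means admins elevate silently with no prompt.
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $p   = Get-ItemProperty -Path $key

    [pscustomobject]@{
        EnableLUA                  = [bool]$p.EnableLUA
        ConsentPromptBehaviorAdmin = [int]$p.ConsentPromptBehaviorAdmin
        PromptOnSecureDesktop      = [bool]$p.PromptOnSecureDesktop
    }
}

# --- Report ---------------------------------------------------------------
$admins = Get-LocalAdminReport
Write-Host "Members of the local Administrators group on $env:COMPUTERNAME:"
$admins | Format-Table -AutoSize

$unexpected = $admins | Where-Object { -not $_.Allowed }
if ($unexpected) {
    Write-Warning ("{0} principal(s) hold local admin rights outside the allow-list: {1}" -f
        $unexpected.Count, ($unexpected.Name -join ', '))
}

$uac = Get-UacState
if (-not $uac.EnableLUA) {
    Write-Warning 'UAC is disabled (EnableLUA = 0).'
}
elseif ($uac.ConsentPromptBehaviorAdmin -eq 0) {
    Write-Warning 'UAC is on but administrators elevate without any prompt.'
}

# Even with UAC fully enabled, every account listed above still holds admin rights
# and can elevate whenever it likes. UAC only changes how elevation is prompted; the
# group membership is the real control. Preview removal of an unexpected member with
# -WhatIf before making any change:
foreach ($u in $unexpected) {
    Remove-LocalGroupMember -Group 'Administrators' -Member $u.Name -WhatIf
}
```

Running this across a fleet (for example via a scheduled task that writes the report to a central share) turns the ‘no local admins’ policy into something that can be measured rather than assumed, and the UAC check makes the point in the text concrete: a machine can pass the UAC check and still fail the membership check.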

These are just some of the best practice techniques that can be adopted which, together with the right supporting tools, can stop the ‘insider threat’ in its tracks. With the right ammunition, companies can ensure that data breaches are virtually eliminated; prevention is better than cure.

BeyondTrust

T: 0870 458622

www.beyondtrust.com