Insider Threat

Financial sector insider threats

Thu, 12 Feb 2009 20:50:51 +0100

Source: http://searchfinancialsecurity.techtarget.com/news/article/0,289142,sid185_gci1347604,00.html

The news article referenced quotes a survey by Deloitte of 250 CISOs in the financial services industry. It states that 36% of respondents believe that their greatest threat comes from insiders. If you couple this with the information from the Verizon Report I referenced yesterday that suggests that less than 10% of companies detect the breach through active monitoring and a massive three quarters only came to light when it was reported to the organisation by a third-party.

All of this suggests that, although internal monitoring may be implemented, it is either implemented incorrectly or sufficient resources are not deployed to review it effectively.

Financial institutions tend to be among the more security conscious organisations and therefore should have a greater understanding of the risks to their organisation; it remains to be seen if the cost to benefit analysis demonstrates that there is value in deploying the resources to reduce the risks from insiders.

Comments

Microsoft warning of an increase in insider attacks

Wed, 11 Feb 2009 22:51:07 +0100

Doug Leland from Microsoft has reported an increase of insider attacks on companies since the start of the economic downturn and warns that "there's an increased risk and exposure to these attacks"

The article at the BBC states that, according to a Verizon Report 18% of breaches are due to insiders, although the cost of the breaches was greater than those performed by others.

I am a little suprised by the 18% figure however, the report is based on reported breaches; it is entirely possible that smaller insider actioned breaches go undetected.

Comments

Threats from the top

Sun, 08 Feb 2009 21:01:03 +0100

New Scientist are running a story. The essence is that bosses of organisations often request elevated privileges, additional software, export rights, etc.
Although there is rarely malicious intent from the bosses, there is an elevated chance that data will escape from their stewardship. The bosses of an organisation generally have access to a larger quantity of sensitive information which should be afforded adequate protection, perhaps even more so than an 'average' employee.
In an ideal world, organisations' executives should lead by example; if the bosses take security seriously, the staff are more likely to.

Bosses have been targetted before and no doubt will be again and as stated before, they generally have access to a great amount of organisation sensitive information.

Comments

Not all staff are trustworthy

Wed, 14 Jan 2009 22:14:54 +0100

From The Register http://www.theregister.co.uk/2009/01/14/ny_cop_gilty_plea/

In short, a New York policman abused access to a computer to glean details from the FBI terrorist watch list. There were a series of abuses here, not just those of the officer charged. He did not have access to the watch list himself, he used the logon credentials, username and password, of a fellow officer who left his "credentials on a notepad so his co-workers could access the system when he wasn't around"

Astonishing. No two factor authentication in place, the officer left his credentials for others to use; and used they were!

I'm sure that there are acceptable use policies in place that the officer who left his credentials on a notepad had breeched. I'm sure there was a logon banner or some such warning that unauthorised access was unacceptable but it occurred anyway. So how did this unfortunate series of events occur?

The officer who used the credentials thought he was being helpful, whether he had a vested interest in assisting the individual for whom he extracted the information is anyone's guess.

The officer who left his credentials for others to use, obviously did so because there was a perceived need. Perhaps too few personnel had accounts to access the information. Obviously, he again thought he was being helpful.

What I find most interesting about this story is that there is no mention of any penalty or conviction for the officer who left his credentials for all to see. I'm guessing e would at least had training concerning the security of the system concerned, and the importance of preserving the confidentiality.

Notwithstanding the usual "what, cops trustworthy?" type comments, it is obvious every workplace will have Insider Threats, the police force included.

Comments

Risky Employees

Mon, 12 Jan 2009 21:27:04 +0100

Network World has an interesting article here. http://www.networkworld.com/columnists/2009/011209insider.html?fsrc=rss-security
It is a little short on detail but it does highlight the main two employee risks to an organisation.

I do have to take issue with their assertion that Administrators steal information. It is true that Administrators are afforded more opportunity to steal information through the increased access they are afforded. This does not mean that administrators pose the greatest risk. I have received, on more than one occasion, sales calls from one salesman who had switched employers (and obviously taken his contact list with him) I have also known of people involved with Research and Development taking proprietary infomration with them on their departure from their organisation. It is not uncommon for software developers to take large amounts of code with them. In the examples I cite, there may be a defence that the information taken was the result of the hard work of the employee that is taking the information but in the case of the Administrator it is not. That may well be true, but the personnel in question were employed and paid to perform that role therefore the company owns that information, not the individual.

How does this happen? Often, there is no policy to prevent it happening - if the staff are not told that they should not take information, why wouldn't they? I'm sure that applies to the sales team more than the R&D or the developers but it should apply across the board.

Companies are generally bad at detecting egress of data from their systems. The overhead associated can be a burden but as part of a comprehensive monitoring programme, it should not be so.

Comments

Disgruntled staff

Thu, 08 Jan 2009 00:21:25 +0100

It is not always disgruntled staff that cause a company problems but companies should always be on their guard from them.

A recent survey suggests that 88% of computer administration staff would steal data if they were fired. That is a startlingly high proportion, and a problem that can be easily overcome by employing a suitable policy of changing passwords when staff leave, whatever the circumstances.

The fact that computer administrators are much more aware of the networked environment and often have remote access privileges, wheter authorised or unauthorised makes them the highest risk of all.

Any company contemplating firing a member of staff that has elevated privileges would be well advised to seek help from a security professional to ensure data leakage is minimised prior to any administrative action being taken.

Source: http://www.theregister.co.uk/2008/09/05/88percent_it_admins_would_steal_sensitive_data/

Comments

Introduction

Wed, 07 Jan 2009 10:26:05 +0100

The threats to technology from internal staff, contractors etc. are often overlooked.

I intend to find tools and stories that are directly related to data and financial loss from organisations from the Insiders.

An often-quoted figure for computer security breeches from Insiders is 70%. It is my belief that this figure is likely to be a great deal higher but mostly undetected.

Insider Threats vary greatly from the wholesale theft of intellectual property or cold, hard cash to the unauthorised installation of material onto a company system.

It is not always the disgruntled employees who are the threat, it is entirely possible that the best-intentioned acts are cause for concern, users of company systems need to be educated as to what is acceptable behaviour, and what is not.

This does not remove the responsibility for companies to protect their assets appropriately. Most companies will be protecting their assets from Outsiders but Insiders have the same motivations and social cross-section, so why not protect their assets from them, too?

Comments