Protecting against the “insider threat”

In the wake of the Wikileaks fiasco, in which a number of US State Department secret documents were publicly aired, there are many lessons to be learned about the integrity and security of personal and private data.

Although most organisations will have many layers to their IT security, information security needs to evolve to combat the rising risk of the insider threat.

Whilst the Wikileaks story is still unfolding, it has raised a number of issues concerning how data is classified and categorised, who is given access to confidential data, and what processes, such as blocking controls, logging or ‘tripwires’, are in place to prevent confidential information being publicly aired.

As technology advances and organisations introduce a growing number of devices, the opportunities for a possible data breach are also increasing and the loss of sensitive data, be it careless or malicious, is becoming more frequent.

The potential consequences include not only loss of intellectual property, but also loss of reputation, compromise of corporate security, violation of compliance requirements and, in some cases, hefty fines from the ICO.

Employees often require unconstrained access to corporate networks and systems as part of their daily roles within the workplace, and it can be difficult to restrict what users can and cannot access. As a result, insiders pose a significant risk to data security, and in order to mitigate the risk of data loss it is necessary to set policies and monitor access to sensitive data.

Although the majority of data breaches are unintentional, the opportunity exists for disgruntled employees to distribute confidential and sensitive data. During April 2010, a Microsoft Excel worksheet that contained the names of 10,006 individuals, their occupations and other information was emailed to a journalist by someone in the Gwent (Wales) police department.

Organisations need to understand the risks and the severity of the issue of insider threats, particularly in the current economic climate in which many employees are being made redundant and left without work.

Employers need to be aware that dissatisfied employees may go to great lengths to damage corporate reputation, or may merely take data from the organisation that can be used in later employment. Whatever the reason, organisations need to ensure that data is fully protected.

The first step is to audit the corporate network and monitor the use of devices connected to laptops, desktops, and other endpoint devices that network administrators may be unaware of. An auditing and discovery tool can help identify the location of sensitive intellectual property, regulated data and other sensitive content, and reveal the extent of the risks that an organisation faces.

Sensitive documents and portable devices should always be encrypted to avoid leaving organisations vulnerable to data loss by employees who might intentionally steal confidential information.

Organisations should deploy the technologies that will enforce the corporate policies that have been established to protect data at rest and during transmission.

Security policies should be put in place over all endpoints, controlling physical and wireless interfaces and storage devices. Administrators should restrict unauthorised data transfer from any computer in the enterprise, and track file transfers from encrypted devices, even on non-corporate computers, to avoid any potential data breach.

Businesses need to face the reality of internal threats and address them as they would outbound threats. Conventional IT security is not enough to defend against disgruntled and malicious employees. Employee behaviour must be monitored and access to files and sensitive data should be explored.

Prior to joining Safend, Edy Almer managed the Encryption and Endpoint DLP products in the Endpoint Security Group at Symantec (SYMC). Edy managed the memory cards product line at M-Systems, prior to its acquisition by Sandisk (SNDK). Edy previously drove the launch of several flagship projects at Orange (PTNR), Israel’s fastest growing cellular operator, resulting in 100,000 new 3G customers one year after launch. As the CTO of Partner Future Comm, Edy charted the product and company strategy for potential venture capital recipient companies. Edy holds a Bachelor’s degree in Electrical Engineering from Technion and an MBA from Tel Aviv University.