Connecting the dots… Protecting your company from insider threats

If you think about the impact that technology has had on your business, you’ll undoubtedly agree that it has been beneficial, ultimately resulting in increased revenue. There are countless success stories of how businesses have used technology to expand into new markets or develop new products.

Let’s talk about the dark side and protecting that revenue. It’s not hard to fathom security breaches at retailers, such as Target, when state and federal governments also fall victim.

It is no longer enough for an organization to state “We are secure.” It must add “from” to that sentence (“We are secure from”) and take the next step: identifying which threats, by attack method, require protection, especially when the attack may come from within. It’s about connecting the dots between seemingly innocuous events, circumstances and vulnerabilities.

Many companies have established widely accepted security practices to address perimeter-based attacks. IDS, IPS, and firewalls are just a few high-level examples. But how do you prevent an employee who is authorized to access confidential information from maliciously abusing their authority? Typical motives include fraud, theft of intellectual property or confidential information, or intentionally causing a disruption to the business’s operations.

We are most vulnerable to insider threats because insiders are already in our buildings and have access to our systems. Are we training our managers to recognize red flags and increasing scrutiny on employees?

A company’s information security program should look at connecting the dots internally, in non-traditional ways, such as gathering HR data about employees and contractors: sicknesses, vacations, changes in benefits (e.g. a divorce leading to a spouse being removed from the plan), and performance reviews. This information could be gathered and checked against external public data (bankruptcies, arrests, social media, etc.). That, tied to specific activity, could raise alerts that would not normally be raised. Today’s managers need to be aware of suspect behaviors in employees.

For example, repeated absences on a Monday or Friday together with a change in benefits (divorce) could be indicative of a change in that particular employee’s financial situation. The divorce proceedings may have had a substantial impact on their personal financial viability, which would cause them to be at risk of performing illegal activities for money.

In the era of Big Data, the ability to capture, store, and analyze large volumes of data is unprecedented. “What truly distinguishes big data, aside from its volume and variety, is the potential to analyze it to uncover new insights to optimize decision-making.” [1] Companies must adapt to ensure their information security programs account for such insider threats, as they are more difficult to detect or prevent. Analysts must utilize all information available to identify network and behavioral anomalies.

[1] BIG DATA FUELS INTELLIGENCE-DRIVEN SECURITY, http://www.emc.com/collateral/industry-overview/big-data-fuels-intelligence-driven-security-io.pdf
