With more and more breaches making the headlines, risk management and security professionals are bracing themselves to face not only increasingly sophisticated attacks, but more rigorous scrutiny of their controls and measures. However, cyber crime is not the only threat.
Organisations are throwing millions of rands at anti-malware solutions, firewalls and endpoint security, but as necessary as all these elements are in the security chain, they are not effective against the insider threat. The inadvertent disclosure of sensitive data can happen in a flash, whether it is an employee posting to a micro-blogging site or carrying documents containing confidential information in plain sight of anyone who walks past. These disclosures can be devastating to both a company’s revenue and its reputation.
Not all insider threats stem from malice. There are other kinds of insider threats over and above malicious insiders – negligent insiders and compromised insiders. The negligent insider will carelessly leave a flash drive lying around, or blithely click on every single email attachment regardless of the source.
Compromised insiders tend to browse untrusted sites, or plug in flash drives of dubious origin. This may be down to pure ignorance and a lack of awareness about which sites are safe and which are not, but either way, they could be infected through a drive-by download or cross-site scripting.
Malicious insiders are the most deadly, as they are trying to harm your business. They will actively seek out specific data, be it intellectual property, customer lists or databases of some nature or another.
Regardless of the type of insider threat, access control and education are key. Enforce the principle of least privilege, ensuring users only have access to data that is strictly necessary for them to do their jobs. Sensitive data that is just sitting around, and not being used, should be encrypted, and staff should be educated about do’s and don’ts.
There needs to be a marriage of preventative measures and tools that can identify when a breach has occurred. We know now that a breach is almost inevitable. Traditional tools for prevention are not a silver bullet; they are no longer protecting businesses. Breaches occur, and when they do, they need to be contained and the damage limited, and this needs to be factored into the risk management plan.
There is still the need for a better relationship between IT security and business processes. A good start would be an open dialogue between risk managers and business executives. A good risk, security and compliance policy will require input from risk managers, business users, suppliers, and other stakeholders both within and outside the business. Risk management and performance management are inextricably linked.
The information is already out there, and cyber crooks have it in their sights. If a company is lucky, the crooks will only access the most harmless stuff, but too often this is not the case. It’s hardly news that we live in a world controlled by cyber crooks, who are cunning and sophisticated, and are already breaking into every valuable store of information they can find. Our only hope is to make this as difficult as possible, and certainly not help them through our own carelessness.
Simon Campbell-Young, CEO of Phoenix Distribution