When IT pros think of hackers, images of young men sitting around a smoky room in Eastern Europe staring at monitors may come to mind. And yes, many hacks, especially large scale incursions, do come from organized groups of outsiders and often foreign entities. This outside threat is why firewalls, and intrusion detection and prevention systems are so common.
But these perimeter defenses do little to fend off what may be the biggest threat – an attack from inside!
Insiders not only have network access, sometimes at a high level, they also know much of what is on the network, and where exactly that data resides.
There is nothing murky about the degree to which insiders are a problem. Verizon defines the problem with a fair amount of precision in its annual data breach report. The annual Verizon Data Breach Investigations Report documents the extent of the current threat.
The first issue is defining what an insider is, and which of them do the most damage. Verizon found that “almost one third were found to be end users who have access to sensitive data as a requirement to do their jobs. Only a small percentage (14%) are in leadership roles (executive or other management), or in roles with elevated access privilege jobs such as system administrators or developers (14%),” the report stated. “The moral of this story is to worry less about job titles and more about the level of access that every Joe or Jane has (and your ability to monitor them). At the end of the day, keep up a healthy level of suspicion toward all employees. While we would like to think they will never give you up, let you down, run around or desert you, we simply can’t (tell a lie, and hurt you).”
This isn’t just fun and games for the perpetrators. Greed is usually the driver. “What motivates them? Most frequently it is the potential for financial gain (34%), although the espionage motivation (25%) continues to be associated with these breaches,” Verizon found.
Outsiders need to jump through hoops to gain user privileges to access the victim’s data. Insider already have privileges. That’s why privilege abuse is such a common breach method. “When the nature of their (the hackers’) actions is known, the general privilege abuse is always at the top of the list. This is merely using access to gain information for alternative and unsanctioned uses,” Verizon discovered.
The next step involves the data itself. “Data mishandling follows and typically involves mailing sensitive information or loading to a sharing service. Many times this is not done with malicious intent, but for a convenience factor,” Verizon found.
Breaches and data misuse isn’t always malicious, at least in intent. “Use of unapproved hardware and software are the third and fourth most common varieties of misuse. The unapproved hardware is usually either a USB drive (used to store information to be used later, like, when employed at another company kind of later) or a hand-held skimmer that we have seen food servers use to capture diners’ payment card data,” the report explained.
Insiders don’t even have to hack your systems to cause problems. They can just misuse them. Here are some of the problems they can cause:
- Crime such as fraud and theft
- Data theft and leakage
- Sexual harassment and sometimes even child pornography and victimization
- Corporate Espionage
- Data corruption/deletion
- Insider trading
Working Towards and Answer
The first step in combating the threat from inside is knowing there is a problem. Then take a deeper fuller approach to security. Here you need to know what is going on in the network and who is doing what.
“You cannot effectively protect your data if you do not know where it resides. Likewise, it does you little good to know where it is but then pay no attention to who has access to it. Make sure that you are aware of exactly where your data is and be careful who you give privileges to and to what degree. It makes sense to give the valet attendant your keys to park your car, but not to hand over your credit cards as well,” the report said.
The Secret to Security – Layers
Protecting your network these days’ means having multiple layers of protection. Learn more with our white paper Protect Your Company’s Data and Infrastructure with Layered Security.