Insider Threats vs Hackers - by Emmett Jorgensen
Emmett Jorgensen has worked in IT and Infosec for over 10 years. He works for Kanguru Solutions (www.kanguru.com), a manufacturer of secure portable storage solutions. Article taken from 'The Hacker News' Magazine - October Edition.
News about cyber security, Anonymous, and Lulzsec is constantly making headlines these days, as well it should. It seems that Anonymous is hacking into confidential information on an almost weekly basis. Yet, despite this talk of external risks, the real threat to businesses often comes from within, in the form of insider threats.
Although the intent of a hacker is generally more insidious, the insider threat is more prevalent simply due to an employee's access to company data. Insiders often have access to sensitive data without having to circumvent security measures designed to keep out external threats.
But which is really a bigger threat to your organization? A malicious hacker or a disgruntled employee with access to the company's confidential data?
A recent survey, the "2011 CyberSecurity Watch Survey", found that, although there are more instances of external cyber threats, their overall cost is less than that of an insider-caused data breach. The survey concluded that "more attacks (58%) are caused by outsiders (those without authorized access to network systems and data) versus 21% of attacks caused by insiders (employees or contractors with authorized access)… however 33% view the insider attacks to be more costly".
Essentially, although external threats such as hackers may be more frequent, their effect is generally less substantial and costly than that of an insider threat.
A recent example of this occurred in May when an executive at Boston Bank and Trust Co. resigned and absconded with proprietary bank information, taking trade secrets with him to his new employer, First Republic Bank.
The fact of the matter is that companies need to be concerned with BOTH external cyber attacks and the threat posed by insiders who have access to their sensitive data. One method of tackling these threats is through the use of Data Loss Prevention (DLP) software. DLP generally refers to systems that identify, monitor, and protect data in use, data in motion, and data at rest.
DLP software utilizing auditing systems and endpoint security is available in a wide range of configurations and prices. From simple USB device control to full system control, the choice will depend on budget and needs.
The use of DLP and endpoint security allows administrators to manage who and what can access their network and data, while an auditing system will keep an audit log of which files are accessed or downloaded. In addition to endpoint security, some vendors offer remote management capabilities for mobile devices. If you have a rogue or lost flash drive, smartphone or tablet, you can remotely erase it, negating any possible data breach. Be sure to investigate the options out there.