In January this year, the security director for the Multi-State Lottery Association in America was arrested after winning the Iowa lottery’s $14.3 million jackpot. The prosecution found that he had employed a complex system of CCTV manipulation and self-deleting rootkit programmes installed on a USB device and plugged it into the number-generating computer.
In an entirely different industry, but with worrying areas of similarity, just last month a call centre employee of medical billing company Medical Management stole the data of patients treated in eight hospitals, including their highly coveted social security numbers, worth around ten times the amount of credit card details on the black market.
Most disturbingly? The employee worked at the centre for just over two years before being fired due to the criminal investigation.
>See also: Why insider threats are still succeeding
These disparate examples point to a wider and increasingly common problem – insider threat. It is worth noting that in both these cases, the data loss is deliberate and planned, and aren’t the kind of inadvertent threat made through human error, which can also frequently occur.
Insider threats can often prove much more difficult to forecast, prepare for and guard against. For example, you could make sure that nobody in your organisation is accessing non-work related web pages, but how productive will a work environment be if it contains that level of scrutiny? Insider threats need to be guarded against, but a balance must also be struck between security and trust.
The easiest way to deal with this balancing act is to split security – as is often the case – into looking at both infrastructure and people. This ensures that more rigorous measures can be implemented without directly monitoring staff, which is obtrusive.
Fundamentally, people need to be aware of the potential risks associated with data, but they also need to understand the benefits of properly safeguarded data.
Software can be dealt with by implementing a variety of different monitoring methods, ensuring that valuable data does not leave an organisation’s network without it knowing.
One way that works effectively is to compartmentalise data by giving people access to only the data they need for their role, reducing the likelihood of valuable data being taken outside of the network or lost.
Make sure that employees have all of the data they expect to and need to effectively do their job, and then shut off areas that they have no need for, shielding data across the organisation.
>See also: Twelve tips to combat insider threats
Keeping track of where this data ends up can also alert organisations to suspicious activities from within, with a popular technique being to ‘whitelist’ machines.
Whitelisting gives organisations control over what devices are able to download and upload data within their network. Key documents, such as financial records, can therefore be protected from ever being downloaded onto USB drives, disks or foreign hard drives, or emailed to computers that are not on the whitelist.
Instances of lost hardware can also be dealt with by whitelisting machines, and can work in much the same way as blocking a phone once it’s lost or stolen. Lost a work laptop containing confidential information? Use the software, and take away its access privileges.
Encrypting data adds a secondary layer to data access, which is highly recommended in order to provide a high level of security. Data masking works by concealing vital information when it is taken out of the database and placed into, for example, a spreadsheet or email.
This masking works by taking a selection of the data that has been defined already, and randomising or blocking as it leaves its original location. Credit cards, salaries and login details can all be randomised or replaced, for example, by asterisks. This means that even if they make their way out of the network they are redundant.
It is vital to remember that insider threats encompass both malicious attacks (data threats) and mistakes by staff. To be properly protected, organisations need to consider the disgruntled employee looking to distribute files, as well as the tired employee who accidentally leaves a laptop on the train.
For these accidental threats, maintaining best practise standards with regards to handling data will develop the safest business culture. Make sure those real-world examples of data loss are circulated and discussed. Emphasising the impact that this can have on individual employees is absolutely essential.
A huge number of attacks still come from employees inadvertently opening malware through phishing techniques, so equipping staff with the ability to detect these risks is another vital component. For every malicious attack, there are dozens of people inadvertently clicking on harmless-looking links in their emails.
The theft of trade secrets is rumoured to cost around $250 billion a year, and this is set to double within the next decade. It is a sad fact that if somebody wishes to take information out of a network from within, it can be nigh on impossible to stop this if they don’t mind being caught.
>See also: How to create the perfect insider threat programme
Nevertheless, doing the basics can make a huge difference if a disgruntled employee decides to damage an organisation from within. Having a procedure for terminating access and profiles when an employee leaves the company, for example, is essential, otherwise a back door could be left wide open and data exposed.
Looking ahead, the overall aim of any organisation should be to stop the fire from starting, not look to put it out once it has occurred.
Following best practise for data protection through intelligent and security software, coupled with installing a culture of trust and responsibility, is the sure-fire way to deal with both sides of potential insider breaches and keep data under lock and key.
Sourced from Charles Sweeney, Bloxx
