Advertise on ITWeb         Mon, 20 Nov, 17:40:19 PM

Dealing with threat from within

Insider attacks are on the rise and, while they don't constitute the majority of security incidents and breaches yet, they can already prove the most costly. Hennie Moolman, Managing Director of network security expert, AfricaSD, examines the threat posed by insider attacks and what companies need to be doing to neutralise it.

Insider attacks, malicious network attacks undertaken by 'trusted' individuals with authorised access and knowledge of an organisation's systems and data, are on the rise. Although accurate information about the size of the issue here is hard to come by, recent reports from the US suggest that over 20% of the data breaches experienced by American financial and governmental institutions in 2008, together with 16% of other business breaches, were the result of insider attacks.

As is typically the case, South Africa is likely to be lagging behind the US, but it is a gap that is continually closing, and this is a trend it would be unwise to ignore. Especially since these figures are likely to actually be a great deal higher, given the amount of attacks that are not discovered or disclosed by organisations.

Insider attacks can also prove very costly. A study conducted by Forrester Research suggests that a typical data breach, such as the theft of confidential customer data, can cost a company as much as US$305 (R3 065) per missing record in legal fees, compliance fines, reputation damage and revenue lost as a result of customer churn.

Addressing the threat of insider attack should become even more of a priority for companies this year, with the tough economic conditions likely to increase the numbers of retrenched or disgruntled employees around, each one a potential mark for cyber-criminals to compromise.

Types of insider attacks

There are several types of insider attacks. Some are designed to damage an organisation's productivity by crippling its core systems, but the goal of the vast majority of attacks is to steal sensitive company data. This can be the theft of confidential customer data, whether transactional, financial or contact information, or the theft of proprietary intellectual property and 'trade secrets'.

Most system-focused attacks are initiated by skilled IT workers with special access privileges, but data thefts can be perpetrated by almost any employee or trusted business partner. The most common insider threat, nonetheless, is that posed by the irresponsible or lazy employee. The worker that ignores published network security policies, installs unauthorised P2P programs on their computer, copies sensitive data onto USB devices or opens dubious Web sites and e-mails — and cyber-criminals know it too.

Neutralising the threat

While neutralising the threat of insider attack isn't a simple task, organisations need to do more than draft and publish suitable security policies. They need to make sure they are equipped with the proper tools to enforce those policies, and to be capable of monitoring employee and business partner activity when necessary. If policies are not visibly enforced, they are likely to end up being disregarded.

Another important safety measure is to ensure every system connected to the network is completely visible and that each one is properly configured and constantly monitored.

Finally, perhaps the most important step to take is to ensure the centralised management of all endpoints, such as desktops, laptops and mobile devices. Organisations need to make sure they have complete control over how the devices are configured, what software is permitted to run on them (application white listing) and what updates can be installed, as well as receiving detailed, continuously updated network activity and performance information.


Operating throughout the sub-Saharan region, AfricaSD provides organisations with a comprehensive network security service that includes security investigations, audits and threat analyses, as well as configurations and deployments.

AfricaSD supplies and supports a comprehensive range of market-leading products, covering every aspect of network security from anti-virus, authentication, content filtering, encryption, biometrics, firewalls and intrusion detection/prevention to unified threat management and wireless and mobile security.

AfricaSD also offers customers and reseller partners 24x7x365 support on all of its network security solutions. As one of the country's foremost security training and certification centres, the company's technical staff are all fully certified and trained on the entire product range and offer a convenient combination of one-to-one help and a wealth of technological resources.

AfricaSD offers its partners the very best products, training, support, leads and free product certifications. It is committed to keeping partners empowered and up-to-date with the latest relevant information and practices by making available, on an ongoing basis, a network of local and international third-party specialists and leaders.

For further information, visit the company's Web site or contact AfricaSD directly on +27(0)86-111-1737 or +27(0)12-665-2513.


Editorial contacts

Orange Tree Studios
Nicola Stone
(+27) 011 786 5790
This e-mail address is being protected from spambots, you need JavaScript enabled to view it


Our comments policy does not allow anonymous postings. Read the policy here




Sponsors Message