One of your greatest enemies is in your organisation right now, says Simon Campbell-Young, CEO of Phoenix Distribution. This person knows what security measures you have in place, and how to bypass them. Chances are, he or she has legitimate login credentials to your network, and can access your most private data in the blink of an eye.
Even more concerning, says Campbell-Young, this person is willing and able to damage or sabotage your company, and put you at risk not only from cyber espionage, but from falling foul of compliance legislation.
"Organisations are throwing millions of rands at anti-malware solutions, firewalls and endpoint security, but as necessary as all these elements are in the security chain, they are not effective against the insider threat, and with POPI stealing the headlines these days, organisations are under even greater pressure to protect their sensitive information."
He says not all insider threats stem from malice. "There are other kinds of insider threats over and above malicious insiders - negligent insiders and compromised insiders. The negligent insider will carelessly leave a flash drive lying around, or blithely click on every single email attachment regardless of the source."
Compromised insiders have the tendency to browse untrusted sites, or plug in flash drives of dubious origin. This may be pure ignorance, and lack of awareness about which sites are safe, and which are not, but either way, they could get infected from a drive-by download or cross-site scripting.
Malicious insiders are the most deadly, as they are trying to harm your business. "They will actively seek out specific data, be it intellectual property, customer lists or databases of some nature or another," Campbell-Young explains.
It is his view that when dealing with an insider threat as opposed to an external one, companies have a strong advantage, in terms of having control over their internal environment to a certain degree. "We have zero control over what happens outside the business or on the Internet."
Regardless of the type of insider threat, Campbell-Young says access control and education are key. "Enforce the principle of least privilege, ensuring users only have access to data that is strictly necessary for them to do their jobs. Sensitive data that is just sitting around, and not being used, should be encrypted, and staff should be educated about do's and don'ts."
However, to gain real visibility into insider threats, a solution that protects data security, monitors users' computer and Internet activities, and eases system management is what is needed. "It is important to be able to centrally control and monitor users' PC and internet usage at any time, and from anywhere. A good solution should also be able to prevent data leakage whether through e-mail, IMs, flash drives, printing and suchlike. In addition, it should enable the organisation to check users' document actions, e-mail activity, IM activity and print activity, and also have the ability to back up documents before they are altered by a user, and should save a copy of all incoming and outgoing e-mails, attachments, IMs and documents."
Campbell-Young says another 'must have' feature is screen monitoring, to enable you to see exactly what users are up to on their machines, and it should be able to record any screen grabs that are taken. To further eliminate the insider threat, the solution should run in the background and be completely invisible to users.