Most of what you hear in the news highlights the latest attacks from external forces, such as those at Sony, Target, and eBay. But what about the rogue insider who intentionally inflicts damage, or the employee who unknowingly hands over the keys to the kingdom?
The traditional approach to safeguarding the network was to build a secure perimeter, and then monitor and defend that perimeter using robust technological tools. As events like the Edward Snowden/NSA affair indicate, this approach has one major flaw: It does not account for the Insider Threat. Even as organizations have increased awareness of the Insider Threat, they still struggle with how to keep the network and sensitive assets safe.
There are Internal Threat deterrents to prevent "the devil you know" from undermining the mission of your organization, but the Internal Threat can take many guises. Before implementing a protective strategy, it's important to understand what you are dealing with. The guises of the Internal Threat include:
Data leakage via USB
Research from Ponemon Institute indicates that as much as 60 percent of employees who leave the organization (voluntarily or otherwise) take enterprise data when they go. What makes this easier than a USB drive? Employees can connect, swipe, and go, quickly, without detection.
Accidental malware injection
When staff open corrupt files or connect a personal USB to their computer, they risk exposing the network to malware.
Hijacked local admin group
Users admitted to the local admin group have high-level privileges and often fly under the radar. These are shared accounts, which makes them a perfect place for rogue staff members to steal data.
Hijacked domain admin group
While checks and balances exist to audit this group, too many sysadmins do not even check audit logs. This paves the way for undetected data loss.
Unauthorized app installation/usage
Users can bring in malware and spyware accidentally when they install their own apps. Is there a policy to monitor what apps are allowed and detect which apps have been downloaded by whom?
Unauthorized data deletion
Sole copies of enterprise assets could be deleted from the system, either on purpose or by accident. Scheduled backups provide some level of mitigation for data deletion; without them, organizations stand to lose significantly.
Unauthorized email account usage
It's natural for staff to leave their computer on and remain logged into email all day. Unfortunately, rogue staff could take advantage of this to steal corporate data.
Protecting Your Organization From Internal Threats
A transparent internal firewall (INFW), like that from industry leader Fortinet, brings at-a-glance visibility to the network. Staff can enforce enterprise security policies and be the first to be alerted to any threats or suspicious activity without having to modify network setup or spend time configuring permissions.
When adding security resources, it is important to work with a systems integrator like TVAR, who understands the unique needs of Federal and Government Agency IT departments and who has expertise working with best-in-class technologies, including Fortinet. TVAR Solutions is your partner for simple yet effective federal IT solutions.