When we think about IT saboteurs, the majority of us picture a professional hacker bent on stealing highly confidential information or wreaking havoc with our business. In such cases, the perpetrator is usually an outsider who breaches the data network of a company with malicious intent, be it financial, political, or otherwise. To protect themselves from this threat, businesses have implemented layers of physical and IT security around the perimeter of their organizations. What they have overlooked in the process, however, is a threat which, according to Forrester Research, is responsible for 70% of all data theft: the insider attack.
Internal threats most often come from people who, at one time or another, were on the payroll of the organization and have knowledge of how to navigate the system to gain access to critical data. According to the Ponemon Institute and ArcSight, the average cost to a company for an insider data breach is an astounding $3.4 million. That figure alone is enough for any business take notice.
The rising number of insider attacks may be the result of businesses focusing an increasing amount of their efforts on thwarting external threats while forgetting to protect from within. In today’s world, if you haven’t done so already, good business practice dictates that you begin shifting your focus inward.
There are many places to find information on how to move forward in this area. One guide that might be helpful is the third edition of "Common Sense Guide to Prevent and Detection of Insider Threats," published by the U.S. Secret Service and Carnegie Mellon University’s Software Engineering Institute. The guide outlines 16 best practices to help organizations avoid insider threats. It serves as a perfect checklist for those businesses not sure of their preparedness for such an attack. Some points include:
Implement strict password and account management policies and practices.
Log, monitor, and audit employee online action.
Use layered defense against remote attacks.
Track and secure the physical environment.
Use extra caution with system administrators and technical or privileged users.
Deactivate computer access following termination.
Founder and Chief Technology Officer