Acunetix: Top 10 Insider Threats and How to Protect Yourself
Written by Kevin Beaver from Acunetix
The Edward Snowden incident highlights the dangers an organisation can be exposed to from insiders with ill intent. These are the very people you’ve entrusted with the organisation’s well-being and have assumed, up to this point, to be doing everything on the up and up.
According to a recent Clearswift/Loudhouse report, 58% of security incidents are attributed to insiders. Other studies, such as the 2013 Verizon Data Breach Investigations, claim smaller numbers. One thing is certain, though: you have users and things on your network right now that are creating business risks. There are too many people with access and too much to lose to ignore the problem.
The following are what I consider to be 10 of the top insider-related threats at any given business:
Top Insider Threat #1: Management mindset.
Management’s mindset that “we don’t have anything of value the bad guys would want” is a ridiculous yet pervasive problem.
Top Insider Threat #2: Users assumed to have been properly vetted.
In Snowden’s case, information is now coming out that his background check was inadequate. On the other hand, never overlook the potential for someone with a flawless background and references to still commit crimes.
Top Insider Threat #3: Entities assumed to have no access.
Be it business partners, contractors, or similarly “less visible” users, it’s not uncommon for people with no business need to have full access to whatever they desire on your network. Who are they and what do they have access to?
Top Insider Threat #4: Lack of information.
If you’re not focusing on the right target then you’re not going to hit your mark. Many people aren’t even aware of where to look. In a lot of situations, this can be due to information systems complexity – something that hampers security at most enterprises. In other situations, it’s people ignoring key information right under their noses.
Top Insider Threat #5: Improper tools.
Lack of information is often related to lack of good tools. You cannot secure what you don’t acknowledge. Just as critical, you cannot acknowledge what’s important when you don’t have the proper insight and means for making informed decisions. Whether they’re open source or paid commercial products – get the tools you need to properly manage the security of your network.
Top Insider Threat #6: Limited expertise.
Even with the right tools and the right information, it’s still not easy to sift through it all, nor is it easy to know what you should be looking for. Training and experience are great for this. So is outsourcing to a third party that can do it better than you can.
Top Insider Threat #7: Non-existent patching of third-party software.
Unpatched workstations running versions of Java and Adobe that are known to be vulnerable continue to plague most businesses I see.
Top Insider Threat #8: Data loss via mobile devices.
The mere lack of passwords and encryption on phones, tablets, and laptops in your mobile environment is arguably your greatest threat.
Top Insider Threat #9: Data exposure via improperly secured software.
Be it file-sharing in the cloud, malware-infected websites, or improperly secured (and untested) applications, your users and their information are at risk right now.
Top Insider Threat #10: Careless use of Wi-Fi.
A threat worthy of its own designation is wireless network usage. The mindset of “I just need to connect to send some emails or browse to some websites” is the very essence of why insiders create so many problems for IT and security.
Many of these are of a more general IT nature but they can all be tied back to web security. The way you manage IT and information security as a whole will impact web security and vice versa.
Putting some basic security controls in place – some of which we’ve known about for decades – will buy you another 45 percent or so. Look at critical areas including passwords, patches, system logging and monitoring, as well as your practices for actual enforcement and incident response. If you look hard enough, you may be surprised by the gaps that exist.
Regardless of the size of your business, anything can and will happen. Do what it takes to get the basic controls in place. Know your network. Know your users. Understand your risks and do something about them.
By following this formula, you’ll save yourself from embarrassment or worse.