Behind the Firewall - The Insider Threat, Part 1
Guest Column: Kathy Coe of Symantec's Education Services weighs the human threat within the corporate firewall.
Your security program is only as strong as its weakest link, and that is where the human element comes into play. Even if you have very comprehensive IT security technology in place, all it takes is one careless, uninformed, or disgruntled person with access to your physical office space or enterprise network to open your company up to unnecessary risk. While you spend a great deal of time and money fortifying your enterprise networks against outsider threats, don't neglect the threat from within. The fact is that some of the most devastating threats to computer security have come from individuals who were deemed trusted insiders.
Costly consequences
Protecting intellectual property should be a security priority for all enterprises because the alternatives can be very costly - not to mention very damaging to your corporate image. According to the 2002 CSI/FBI Computer Crime and Security Survey, the most serious financial losses occurred through theft of proprietary information (41 respondents reported a total of $170,827,000).
One infamous insider
The case of former FBI agent Robert Phillip Hanssen, who was convicted of spying for Russia, is an extreme but prime example of how insiders can take advantage of their access and authorizations. Over a span of more than 15 years, Hanssen provided his Russian contacts with highly classified documents and details about U.S. intelligence sources and electronic surveillance taken directly from his employer, the FBI. Because Hanssen was an authorized user, his activities didn't raise any suspicion. While Hanssen used a variety of technology devices as a means of stealing data - encrypted floppy disks, removable storage devices, and even his own Palm handheld device - he also repeatedly walked out of his FBI office carrying classified paper documents in his briefcase, which he would, in turn, hand over to his Russian contacts. Since Hanssen's arrest two years ago, the FBI has put a special panel in place to review all internal processes and systems and to study the issue of insider abuse. Hanssen manually and electronically stole information from the FBI for his own financial gain, and he did it for more than 15 years without trouble because he was a trusted insider.
Who are your insiders?
Key holders
Some insiders who pose a threat don't necessarily have physical access to your office. Often it is the "key holders" - those who have access to your internal systems through contract or partnership arrangements with your enterprise - who can cause the most harm. So that you can conduct business with them, these key holders have access to your network and have been given authorization to be there. It is important that your IT staff be aware of who these individuals are, and give them only the access necessary to perform their function while keeping a close eye on their activities.
Four main reasons insiders cause security breaches
The value of the security software and policies you have in place will decrease if insiders don't understand their role in maintaining a secure enterprise. With that in mind, here are the main reasons behind internal security breaches:
Important checklist
Here is a checklist of important things you should do to help preserve your enterprise security from the inside out:
- Immediately after temporary or contract workers are done working for you, disable their user accounts on your computer systems. Of course, the same thing applies to employees who leave the company.
- Do not allow multiple employees to share a single logon account.
- Make it clear to all insiders with access to your enterprise network that their usage is subject to monitoring - this should be a part of your corporate security policy.
- Keep laptops locked down - this should be a part of an overall mobile computing policy.
- Utilize password-protected screen savers so computers are always locked when not in use.
- Instruct employees to log off their computers before they leave each day.
- Dole out access to the network on an individual basis, and give each person access to only the computers and files they will need to do their jobs.
- Emphasize the importance of protecting passwords - they should not be left on sticky notes on the computer, emailed or shared with other employees.
Coming in Part Two
Network defenses will certainly be enhanced when employees are motivated (but not scared) to adopt a common-sense approach to security and are trained to recognize possible security problems. This can be accomplished through an awareness and education program. We will discuss ways to educate your employees on general threats, social engineering tactics, and ways to create a culture of awareness in your enterprise.
Kathy Coe is Director of Education Services for Symantec. She has more than 20 years of experience designing, implementing, and managing customer-focused training solutions for organizations. Over the last six years her business education experience has been focused on the information security industry.
Check out eWEEK.com's Security Center at http://security.eweek.com for security news, views and analysis.