Your data is extremely important to you, and it may be even more valuable to someone else! While it may be hard to accept, digital espionage launched through an intranet is statistically the most common mode of attack. It is also the most costly, and the least defended.
The assets of the corporate intranet are real targets. The information it contains would be damaging if it were available to anyone outside, and it even needs to be shielded from most internal users. This includes marketing plans, customer data, personnel records and financial results. Despite the security requirements, the servers containing this data need to be accessible from multiple places within and outside your organization, and via existing wiring.
We'll outline the current problems, and show how traditional security measures cannot prevent internal intrusion. We will also identify an effective intrusion prevention strategy, with alternatives for implementation.
The Problem by Example - Events of 2002:
- A software firm loses key talent when news of a layoff spreads after the CEO's mail is compromised.
- A CFO signs an affidavit that no one can get unauthorized advance access to financial results, and then he must explain to the SEC how a trusted associate made a suspicious, highly profitable transaction.
- A college discovers massive classroom grade changes in its servers.
- A tabloid gets personal medical data on a celebrity from a hospital and prints it [1].
- A virus bypasses the perimeter gateway to attack one server in a data center, then instantly infects hundreds more peer systems inside.
In all these scenarios, the silent attack on critical data actually came from inside an externally secured LAN. A perimeter defense had no effect against an intranet intruder, who used commonly available software snooping tools to steal data.
The perimeter gateway was also ineffective against the internal spread of a Nimda / Code Red type worm across a data center intranet. In four of the five scenarios above, a trusted individual took advantage of an unprotected data asset on the internal "trusted" LAN.
This highlights the problem initially illustrated by an FBI survey and consistently verified by multiple studies since then [2]: the majority of all data intrusion is from the inside, and it is costing hundreds of millions overall [3]. The research of InterGov [4] verifies that insiders account for about 80 percent of all computer and Internet-related crime. They find "Inside Jobs" cause an average loss of about $110,000 per corporate victim.
Certainly 99% of people are honest, but it takes just one who is not, in any business. The majority of inventory shrinkage in many stores comes from trusted employees; most of the money lost in banks is not from armed robbery, but embezzlement; and most press leaks in government come from staffers with an agenda. The intruder on the inside benefits most from access to secured information, because they know its relevance, and they are therefore the most dangerous. The sad truth is that it is easier to take advantage of a trusted situation than it is to lay siege.
An inside job becomes even more probable as the legal consequences for a curious employee are typically less severe than those for an outside attacker, and the insider's chance of getting caught, given the current state of protection, is minimal. It all adds up to a dangerous combination and a problem that will come looking for those who are not prepared.