Behind the Firewall - The Insider Threat, Part 2

Guest Column: Kathy Coe of Symantec's Education Services says that just because users are inside your firewall doesn't mean they're safe, or that you're safe from them.

As you read in Part 1 of this article, some of the most devastating threats can come from insiders. "Insiders," as we have defined them, include anyone with access to your physical office space, or electronic access to your network. Too many enterprises have already learned the hard way that security technology alone cannot secure the enterprise. Leaving insiders uninformed about security issues can expose your enterprise to unnecessary risk that could have a direct impact on corporate revenue, workforce productivity and the costs of doing business. Where your IT security solutions stop, security education and awareness training must start to minimize gaps in security. Insiders need to be aware of, and understand information security issues, and behave in a security-conscious manner - and you need to provide the impetus for this awareness.

Social engineering tactics

Social engineering plays upon peoples natural inclination to trust others and desire to help out. Attackers will succeed if they can get your insiders to fall for their tricks, but social engineering tactics will not work if your insiders are informed and aware. Social engineering methods can take a number of different forms. Every method is intended to entice unsuspecting users into helping the attacker out - whether it is by opening attachments that will unleash a virus, or providing the attacker with sensitive information that will help their efforts.


Common methods

Social engineering attempts can pop up anytime, in a seemingly unthreatening manner, in a normal workday. It is your responsibility to make sure your insiders are aware of the following threats so they will not be easy prey for such attacks:

  • Email attachments - If an employee opens unsolicited email attachments or does not scan attached documents for a virus before opening them, then the enterprise is vulnerable to virus attacks. Make sure they are not only educated about viruses, and the danger of opening an unexpected or suspicious-looking attachment, but also the result if a virus is executed. The Anna Kournikova and I Love You viruses are successful examples of social engineering attacks, as the enticing subject lines piqued the recipients curiosity resulted in many people opening up the infected email.
Also, if companies rely on employees to keep their virus definitions updated, instead of pushing out new virus definitions automatically to ensure policy enforcement, they risk infection even if they do scan for viruses before opening attachments.Next page: Common methods (continued)