Forbes magazine online tells us that the danger of insider threats has been driven home by such newsworthy events as hacking into the Target database. Insider threats can be financial, political or personal, including such well-known cases as Eric Snowden and the WikiLeaks scandal. But what is an insider threat, and what exactly does the term mean for you organization? Take a look at some of the more common points, and decide for yourself.
Defining an Insider Threat
A report from IEEE.org warns that insider threats are quickly displacing external threats as the source of data and security
http://www.winmagic.com/blog/2014/02/03/data-security-goes-beyond-encryption/ breaches. While an insider threat can be related to an actual employee of the organization, the accepted definition is much broader. An insider threat can be any attack on the organization originating in the network, even threats that start outside the physical network by working their way in from cloud and other virtual services. This means that your company has to be cautious of all data exchanges which take place in its networked space, including:
- Temp Services
- Disgruntled Employees
- Industrial Espionage
- Partner Companies
- Support Services and Providers
Business Partners as Insider Threats
Forbes goes on to explain that the Target fiasco began with an attack on a support service, one of the HVAC contractors associated with the company. Once inside the network, the attack was able to branch out and eventually acquired sensitive information from thousands of Taret customers. According to a survey performed by Enterprise Strategy Group, Inc., more than 50 percent of respondents believe that they face more insider threats today than only a few years ago, and the number is growing.
There is not a hard and fast rule about how insider threats begin. Employees who are not in key positions may have access to data streams as they pass through the network. As companies become more and more dependent on data acquisition, the possibility for infiltration increases in a proportionate manner. Employees are not the only risk, but they are a major source.
The reasons an employee may become a threat are equally varied, and range from a recently terminated employee, to those who feel they are overworked and underpaid. A report published by U.S. Homeland Security explains that employees may be coerced in other ways as well, including:
- Reduced Loyalty
- Personal Rebellion
Cloud Computing Increases Risks
Virtual networks can also create the risk of insider threats. Even when the virtual service is well-protected, the use of public WiFi opens the way for skilled hackers to gain access. Such connections can be secured at every workstation, but often require the organization to require all staff members and partners to undergo security and software training. Even then, the individual is a weakness, and even the best training and firewalls are only effective when used on a consistent basis.
Threats from Unexpected Devices
Another danger of the growing connectivity of devices arises from the fact that security must be maintained across all devices in a physical or virtual network. As the Internet of Things gains momentum, threats may come from previously unexpected places, including:
- IP-Connected Irrigation Systems
- Passive Devices
- Personal Computers
The growing list of insider threats does not mean that your organization has to be walled off from the world, but it does indicate that network security for all connections must be maintained at sufficient levels to ward off any possible infiltrations. Whether you are talking about an enterprise level organization, or a startup providing a very small suite of services, your company faces many insider threats, and needs have the tools in place to protect it against all possible incursions.
Follow WinMagic on Twitter
Follow AlienVault on Twitter