Insider Threats Are a Growing Problem
One of the biggest threats to your computer systems could be sitting in your next staff meeting. That uncomfortable and unfortunate fact was noted by the Department of Homeland Security (DHS) in a public service announcement released September 23.
The agency reported that security breaches by disgruntled employees are on the rise and pose a significant threat to U.S. businesses. The FBI has investigated a growing number of cases in which current or former employees exploited their ability to access business networks and servers in order to destroy data, steal proprietary software, make unauthorized purchases, and obtain customer information and other resources for use in a new job. There were also multiple incidents in which disgruntled employees disabled access to key systems or conducted distributed denial of service attacks as part of an extortion scheme against their employers.
The DHS and the U.S. Computer Emergency Readiness Team (US-CERT) define an insider threat as “a current or former employee, contractor or other business partner who has or had authorized access to an organization’s network, system or data and intentionally misused that access to negatively affect the confidentiality, integrity or availability of the organization’s information or information systems.” According to FBI data, insider threat incidents cost victim businesses anywhere from $5,000 to $3 million to resolve.
In many cases, employees who had been terminated maintained access to computer systems through the use of unauthorized Remote Desktop Protocol (RDP) software. Disgruntled employees also used personal email accounts and cloud storage to steal company data.
These activities reflect the disregard many employees have for their employers’ intellectual property. According to a study conducted in October 2012 by the Ponemon Institute, half of employees who left or lost their jobs in the previous 12 months kept confidential corporate data, and 40 percent planned to use it in their new jobs.
These commonsense strategies can reduce the risk of insider threats:
- Immediately disable a terminated employee’s access to systems and networks, and ensure that third-party service providers know the employee has been dismissed
- Strictly limit administrator-level access to servers, networks and social media accounts, and change passwords when an administrator leaves the company
- Regularly review employee access rights and terminate any access that isn’t needed to perform daily job responsibilities
- Avoid the use of shared usernames and passwords
- Require that all staff follow password best practices — use a different password for each account and change passwords regularly
- Restrict the use of cloud storage platforms
- Regularly scan for malicious code and unauthorized applications
- Maintain daily backups of key systems and data
- Establish formal grievance procedures as an outlet for insider complaints, and ensure that management is aware of negative events in the workplace
ICG can also help reduce the risk of insider threats through objective, third-party oversight of your systems and data. Contact us to learn how our real-time monitoring, patch management, software compliance, CIO-level consulting and other services can help improve your security posture.