Measuring and Mitigating the Insider Threat

Data breaches and security

Managers have every reason to fear their own employees, if they read the news. A few months ago, an energy company auditor tried to steal $9 million from the company he worked for. Last month, a data breach at LexisNexis that occurred at a LexisNexis customer was linked to the mafia, according to a grand jury indictment.

Now a new study is aiming to understand the threat — and what enterprises can do to minimize it.

The research, conducted by IDC on behalf of security firm RSA, found that every enterprise interviewed had at least one breach during the past year, although the majority (52 percent) were believed to be purely accidental.

Yet even accidental breaches cost money. “Organizations risk substantial and ongoing damage when sensitive information, such as customer and employee personally identifiable information (PII), design plans, source codes, and other types of intellectual property, is accidentally exposed,” the survey said.

In some organizations, the threat is constant. “We surveyed about 400 CxOs,” Christopher Young, senior vice president of products at RSA, EMC’s (NYSE: EMC) security subsidiary, told “Those 400 got about 58,000 internal risk incidents over the past 12 months.”

The report said that many incidents were caused by out-of-date or excessive user privileges. Such privileges can also cause failed audits, the report warned.

The problem is that many companies are increasing their use of contractors and temporary staff who need access to information but whose accounts must be correctly provisioned and then deprovisioned after the job is done.

This places a real burden on IT, the report said.

IT departments are also facing the new challenge of the mobile worker. The report found that many breaches are caused when employees bring infected devices to the workplace. Infections can be transmitted by laptops, USB keys, and even mobile phones.

“If the employee goes home and surfs the Web at night, they can easily be hit by what’s called a ‘drive-by download,’” Young said. “Their infected machine could be sitting behind the firewall the next day.”

Employees are even increasingly at risk when visiting legitimate sites. “They could visit a social networking site. They could be shopping online. User activity causing the infection does not have to be confined to sites that would be off limits in most organizations,” Young said.

“The concept of insider risk is becoming more important for enterprises as the IT organization is being turned inside out with social networking and the use of multiple devices,” he added.

He added that antivirus software won’t protect computers against every threat. “It takes time to catch up with the bad guys and identify new types of malware,” Young said. “Even a person within the corporate environment is not necessarily protected against the latest malware.”

The report recommended that enterprises use data loss prevention (DLP) and identity management software to reduce the burden on IT.

Even the most sophisticated users will take notice, Young said.

“It can keep them honest by letting them know their behavior is being monitored,” he said, although he added that doing it right won’t be easy.

“It can be tough to have a view across the entire hyper-extended enterprise,” Young said.

Update clarifies that a LexisNexis customer rather than employee caused the LexisNexis breach.