Cyber security: The threat from within

Cyber security, as ever, has been a widely discussed topic in Broadgate over the past few weeks. Numerous cyber-attacks have made the news, from the TV5Monde hack to the recent article in the Financial Times stating that cyber criminals are some of the fastest innovators currently in technology.

However, with the focus of attention on the outside, the question is: is there an enemy within? Organisations have spent big money and devoted a lot of resource to protecting themselves against external threats, and have built strong defences with firewalls, anti-virus software, mail filters and numerous other filters. But have they left themselves vulnerable from the inside?

What if an employee’s password has been hacked and an intruder is stealing information?
What if an employee was accessing sensitive information that they shouldn’t?
Are you able to track malware that has already made it past the external defences?

Once a person is past the external defences, the level of access they might get and the potential for misuse are often worrying. Organisations can find it difficult to identify such inside threats, or by the time they have recognised them it may be too late and the leak has already happened. This is made ever more difficult by the increasing complexity of an organisation’s network: the amount of data stored and the number and type of devices connecting to it make usage harder than ever to monitor.

Evidence of this can be found in the 2014 Information Security Breaches Survey conducted by PwC. Almost 60% of organisations have encountered staff-related security breaches, with 20% caused by deliberate misuse of computer systems.

  • 55% of large businesses were attacked by an unauthorised outsider in the last year
  • 73% of large organisations suffered from infection by viruses or malicious software in the past year
  • 58% of large organisations suffered staff-related security breaches
  • 31% of the worst security breaches in the year were caused by inadvertent human error
  • 20% of the worst security breaches were caused by deliberate misuse of computer systems

More significant, and what can’t be tracked, is the damage that may occur to an organisation if a leak does occur. Reputational damage for private organisations could be the most damaging, especially if the breach is widely publicised in the press. With this could come a monetary loss through loss of clients or potential fines from regulators – the Information Commissioner’s Office has the power to fine organisations up to £500,000 for the misuse of personal data on UK citizens.

With this threat looming over organisations, what can they do to protect themselves? Solutions present themselves as policy, procedure and innovative technologies that can monitor and identify such misuse. Here are a few pointers:

Effective IT usage policy – Simpler, shorter implementations

  • Establish a person responsible for security
  • Classify data into confidential, internal and public data
  • Limit and track access to important documents/files, which should be a deterrent to anyone trying to steal data from inside the network
  • Limit the use of external storage devices such as USB sticks and limit access to file sharing sites, including webmail
  • Identify the data “Crown jewels” – the data that, if it were to leak, would cause the biggest financial/reputational damage. Ensure these types of files are encrypted with limited access
  • Customised role based training of staff

Monitoring – Medium/long term implementation

  • Use specialist security software to track files and malware entering/leaving the network. Tools such as FireEye or Darktrace use advanced tracking functionality to spot unusual network behaviour as well as unusual user behaviour.
  • Consider tools such as Dtex deployed on an individual’s PC to monitor behaviour, capturing changes in user patterns (e.g. an employee getting ready to leave the organisation) and high-risk pattern behaviour, or finding what information was lost on a laptop left on a train.
  • Consider other monitoring solutions such as Digital Shadows to track data that has left the internal boundary and calculate the amount of exposure you have outside the organisation, even tracking data on social media and the “Dark web”.
  • Controlled environment – Four Eyes check of files leaving the network to ensure sensitive files are not being sent externally

These types of attack are difficult to stop completely as they revolve around the people using the systems.

However, with better controls and methods to identify unusual activity and misuse, the objective is that potential losses are captured and remediated as quickly as possible.

————————-


Posted on : 30-04-2015 | By : Jack.Rawden | In : Cyber Security
