The insider threat is posed by employees, contractors, and visitors who are granted too much trust. In some cases that trust is almost naively granted. Anyone within an organization could have the motivation, the access to resources, and the tools to steal information, or even destroy critical resources. While often overlooked, the insider threat actually outweighs the threats from cyber criminals, hackers, and the random malware that most organizations concentrate on. It is the insider who understands where the keys to the kingdom are hidden.
In my travels I talk to a lot of people on the airplane. When I mention to a small business owner that I am in security, I often get the same response: "You know, I think I have a problem with my IT guy." Since most small businesses seem to rely on one key person for most of their computer and network support, it is not surprising that this one person poses a risk. What if he or she gets mad and leaves? Will that person be nice and help with the transition, or take the customer lists and the passwords for critical servers, or even be malicious and destroy data and resources? The City of San Francisco had a problem when Terry Childs, a 43-year-old computer network administrator, changed all the passwords to the Cisco routers on their WAN and refused to give them up even after being jailed.
Large organizations have the ability to create divisions of labor and deploy lots of technology to counter such risks. But what is a smaller organization to do? Here are five steps to take.
The first time you fire up a network monitoring solution you may be surprised to discover the activity on your network: copies of LimeWire sharing documents or copyrighted material, web servers, spam bots, etc. It can be an eye-opener.