Managing Insider Threat


Published in: Technology, Business

  1. Managing insider threat
     Iris Cheung
  2. Agenda
     What is insider threat?
     Why has insider threat become such a big issue?
     Ways that insiders can attack
     Key controls – preventative and detective
     Balancing internal security and morale
     Potential privacy issues
     Current issues
     Concluding remarks
  3. What is insider threat?
     CERT’s definition:
     “a malicious insider who is a current or former employee, contractor, or business partner who has or had authorized access to an organization’s network, system or data, and intentionally exceeded or misused that access in a manner that negatively affected the confidentiality, integrity, or availability of the organization’s information system”
     Can also be:
     A trusted employee who unintentionally, through negligence, causes financial or reputational damage to the organization
  4. Why has insider threat become such a big issue?
     Insider threat has always existed
     In 2009 and 2010, 51% of respondents experienced an insider attack
     2011 Cyber-Ark Global survey: 16% of people believed that insiders stole highly sensitive and valuable IP and transferred or sold it to the organization’s competitors
  5. Why has insider threat become such a big issue?
     Macro changes:
     Distributed workplace
     More people have knowledge of IT
     Value of data has increased
  6. Why has insider threat become such a big issue?
     Tone at the top:
     High level of technology implemented, but only to keep outsiders out
     High impact but low frequency
     Powerless to defend
     Therefore, not enough effort is devoted to mitigating risks.
     But: insider attacks are more costly than outsider attacks!
  7. Ways that insiders can attack
     IT sabotage
     Fraud
     Theft of intellectual property
     National security espionage
     Unintentional
  8. Ways that insiders can attack
     IT Sabotage:
     Damage to company’s network, system or database
     Usually recently demoted, fired or formally reprimanded
     Disgruntled IT personnel
     Attack after they have left the company
     Behaviours: mental health disorders, history of rule violations, decision making bias
  9. Ways that insiders can attack
     Fraud:
     Small group of current, non-technical, low-level employees or managers
     Usually have access to personally identifiable information or customer information
     Modification of data
     Motivation is financial gain
     Collusion
  10. Ways that insiders can attack
      Theft of intellectual property:
      Current scientists, engineers or programmers
      Use stolen proprietary information to help a new employer or start their own business
      “Entitled Independent”
      Motivated by job dissatisfaction
      “Ambitious Leader”
      Motivated by greater rewards of the new job or own business
  11. Ways that insiders can attack
      National Security Espionage:
      Fairly new
      Example: WikiLeaks
      New type of channel for data leakage
      Motivated by personal morals
  12. Ways that insiders can attack
      The unintentional:
      No intention to harm the company
      Due to negligence and violation of corporate policies
      Gives opportunities to those who want to attack the company to do so
  13. Key controls
      Preventative:
      Know your assets and know what needs to be protected
      Document and enforce policies and controls
      Monitor and respond to suspicious behaviour
      Implement proper access control and account management
      Enforce segregation of duties
  14. Key controls
      Preventative:
      Be extra cautious with system administrators and technical users with privileged access
      Detective:
      Log, monitor and track employee access
      Develop insider incident response plan
      Key: Organizations need to develop a layered defense plan using the controls that will work best for each type of asset.
  15. Balancing internal security and morale
      Organizations must strike a balance between controls implemented and employee morale
      Excessive controls may disrupt productivity
      Employee monitoring affects morale:
      “Big Brother” culture
      Leads to resentment, hostility, high employee turnover rates
      Key: Create a policy where employees have a clear understanding of the objectives of the implemented controls
  16. Potential privacy issues
      May arise due to employee monitoring
      Reading of e-mails, surveillance cameras to monitor behaviour, etc.
      Only allowed under extreme circumstances
      PIPEDA
      Obtain consent from employees for monitoring
  17. Current issues
      Insider threat from trusted business partners:
      Increased outsourcing
      Use of cloud computing
      New set of risks
      Growing insider threats in financial institutions:
      Internal breach at the Bank of America
  18. Conclusion
      Insider threat has evolved and become a significant and costly risk to organizations
      C-suite executives need to evaluate the current plan and focus more effort on developing a better plan
      A layered defense plan
      Find a good balance between security, employee morale and privacy