Insider Threats


Insider threats are a type of security breach. However, they present such a significant issue that we will deal with them separately. An insider threat is simply when someone inside your organization either misuses his access to data or accesses data he is not authorized to access.

The most obvious case is that of Edward Snowden. For our purposes we can ignore the political issues connected with his case and instead focus solely on the issue of insiders accessing information and using it in a way other than what was authorized.

In 2009 Edward Snowden was working as a contractor for Dell, which manages computer systems for several U.S. government agencies. In March 2012 he was assigned to an NSA location in Hawaii. While there he convinced several people at that location to provide him with their login and password, under the pretense of performing network administrative duties. Some sources dispute whether or not this is the specific method he used, but it is the one most widely reported. Whatever method he used, he accessed and downloaded thousands of documents that he was not authorized to access.

Again, ignoring the political issues and the content of the documents, our focus is on the security issues. Clearly there were inadequate security controls in place to detect Edward Snowden’s activities and to prevent him from disclosing confidential documents. While your organization may not have the high profile that the NSA has, any organization is susceptible to insider threats. Theft of trade secrets by insiders is a common business concern and has been the focus of many lawsuits against former Security Technology,” we will see some countermeasures to mitigate this threat.

While Edward Snowden is an obvious example of insider threats, that is only one example. A common scenario is when someone who has legitimate access to some particular source of data chooses either to access data he is not authorized to access or to use the data in a manner other than how he has been authorized. Here are a few examples:

■ A hospital employee who accesses patient records to use the data to steal a patient’s identity, or someone with no access at all who accesses records.
■ A salesperson who takes the list of contacts with him before leaving the company.

This is actually a much greater problem than many people appreciate. Within an organization, information security is often more lax than it should be. Most people are more concerned with external security than internal security, so it is often rather easy to access data within an organization. In my career as a security consultant, I have seen networks where sensitive data is simply placed on a shared drive with no limiting of access to it. That means anyone on the network can access that data.

In a case such as this, no crime has been committed. However, in other cases, employees purposefully circumvent security measures to access data they are not authorized to. The most common method is to simply log in with someone else’s password. That enables the perpetrator to access whatever resources and data to which that other person has been granted access. Unfortunately, many people use weak passwords or, worse, they write their password somewhere on their desk. Some users even share passwords. For example, suppose a sales manager is out sick but wants to check to see if a client has emailed her. So she calls her assistant and gives him her login so he can check her email.

This sort of behavior should be strictly prohibited by company security policies, but it still occurs. The problem is that now two people have the sales manager’s login. Either one could use it or reveal it to someone else (accidentally or on purpose). So there is a greater chance of someone using that manager’s login to access data he has not been authorized to access.
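
Shared or borrowed logins like the one described above tend to leave two traces in authentication logs: an account appearing on a workstation it has never used, and one workstation logging in as several different accounts in a short time. The following Python check is an added example, not part of the original text; the log format, account and workstation names, and the thresholds are all assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample authentication events (not real logs): time, account, workstation.
SAMPLE_LOG = """\
2024-03-04T08:58:12 smanager WS-SALES-01
2024-03-04T09:02:40 assistant WS-SALES-07
2024-03-05T09:01:03 assistant WS-SALES-07
2024-03-05T09:15:47 smanager WS-SALES-07
2024-03-05T13:30:00 contractor WS-ADMIN-03
2024-03-05T13:41:19 analyst1 WS-ADMIN-03
2024-03-05T13:55:02 analyst2 WS-ADMIN-03
2024-03-06T08:59:30 smanager WS-SALES-01
"""

def parse(log_text):
    """Yield (datetime, account, host) tuples from whitespace-separated lines."""
    for line in log_text.splitlines():
        if line.strip():
            ts, account, host = line.split()
            yield datetime.fromisoformat(ts), account, host

def shared_login_findings(log_text, window=timedelta(hours=1), max_accounts=2):
    """Return findings for two symptoms of shared or borrowed credentials."""
    events = sorted(parse(log_text))
    findings = []
    hosts_seen = defaultdict(set)   # account -> workstations already used
    recent = defaultdict(list)      # host -> [(time, account)] inside the window
    flagged_hosts = set()
    for ts, account, host in events:
        # Symptom 1: an account appears on a workstation it has not used before.
        if hosts_seen[account] and host not in hosts_seen[account]:
            findings.append(("new_host_for_account", account, host))
        hosts_seen[account].add(host)
        # Symptom 2: one workstation logs in as many different accounts in a short time.
        recent[host] = [(t, a) for t, a in recent[host] if ts - t <= window]
        recent[host].append((ts, account))
        accounts = {a for _, a in recent[host]}
        if len(accounts) > max_accounts and host not in flagged_hosts:
            flagged_hosts.add(host)
            findings.append(("many_accounts_on_host", host, tuple(sorted(accounts))))
    return findings

if __name__ == "__main__":
    for finding in shared_login_findings(SAMPLE_LOG):
        print(finding)
```

On the constructed sample, the sales manager's account showing up on the assistant's workstation is reported, as is the single workstation that authenticates as three accounts within an hour. A finding is a prompt for review, not proof of misuse.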
