Disclaimer: The opinions of the columnists are their own and not necessarily those of their employer.
Allan Pomerantz

Looking Through the Wrong End of the Telescope

At this point in time most companies have done at least a reasonable job of keeping the bad guys out. They probably have a firewall, antivirus, URL filtering and some sort of centralization and viewing capability, whether home-grown scripts or a commercial product. Many have also implemented some sort of malware detection and possibly a basic intrusion prevention system such as Snort.

While recognizing that they don't have perfect security, many organizations would feel they've done a pretty good job of protecting themselves. But while that may be true with regard to external threats, they usually overlook the bigger threat - their own users (The Greatest Threat).

The insider threat comes in two flavors – accidental and malicious.

The accidental insider threat also comes in two broad categories. The first is lack of awareness, which is actually the fault of the company itself rather than the user, whose lack of awareness is due to not receiving training in security threats and not being educated on the company's security policies.

The second threat comes from a user who may be aware of the company's security policies but finds them a hindrance to doing his job, so he sends unencrypted confidential information to his web mail account or downloads helpful freeware (read: malware).

This is actually a failure of the company security policy, because there are no technical controls in place to stop or report this type of behavior and because the security department hasn't tried to give him a secure method to accomplish his objectives.

The malicious insider is both more dangerous and harder to stop. Clearly education and policy are ineffective. Further, his activities usually won't set off any alarm bells because he is an authorized user, and most companies do not even have tools to monitor such users or, if they do, the controls are not granular enough.

Finally, what makes him so dangerous is that, like the rogue trader at the French bank, he often knows the in-place security controls and can circumvent them. In addition, he has better knowledge of what to do with your systems than a hacker would.

2 Comments

  1. Anish Apr 3, 2008 at 5:46 am | Permalink

    I partly agree with this statement "But while that may be true with regard to external threats they usually overlook the bigger threat - their own users (The Greatest Threat.)"

    Every security guy and even CSOs know that 85% of breaches come from inside and companies do their best to educate their employees but employees don't take it seriously because they have never heard of anybody getting fired in their company for a malicious behavior (Security related).

    Companies have now woken up to the insider threats which was missing around 1+ year back.

    Anish

  2. Anish Apr 4, 2008 at 1:45 am | Permalink

    Hi Allan,

    Just came across this story of a Chinese lady getting busted at the airport carrying confidential data and she said she worked for 2 companies at the same time and both were competitors.

    http://www.informationweek.com/news/security/attacks/showArticle.jhtml?articleID=207001607&cid=RSSfeed_IWK_Security

    Another proof that insider threats are for real.

    Anish
