While a lot of companies are focusing on outsiders attacking their businesses to steal sensitive information, few of us focus on inside hackers. Home Depot, JPMorgan Chase and Target are fairly recent examples of cybercriminals going after credit cards and other customer information. Companies need to fix easily exploited vulnerabilities to address these problems, but they also need to look inward to current and former employees.
An example of this is a case where a contractor was fired from a Toyota factory in Kentucky. He went home, accessed the company’s network and started attacking systems. Apparently no one turned off his access to sensitive systems and he decided to wreak havoc. It took months to fix the damage and fortunately the culprit went to jail.
There are many other known and unknown examples of similar situations where a trusted insider caused major economic damage to a company. “The most costly data breaches are usually those that are created by a malicious insider,” said Larry Ponemon, chairman of the Ponemon Institute. “These people normally have access to things external hackers generally don’t have access to.”
Last month the FBI issued a warning to companies about a rise in hacking by current and former employees. Insider threats, both intentional and accidental, were cited by more than 70 percent of information security managers as their biggest concern in an April survey. Part of the concern is the ease with which we can share data through unofficial means. Employees often use cloud-storage services and personal email to transfer data, according to the September 23 public notice by the FBI and Department of Homeland Security. Our mobile and connected world makes it easy to move information, but sometimes that is fraught with danger as these systems are easily compromised.
Companies have to balance employee access to information with an understanding of suspicious or abnormal behavior. You need to look at who has access to sensitive information and systems. Many current or former employees have access to to the network or the ability to log into servers. If a current employee has legitimate access to a server, the employee’s rights should be limited to her or his job. As soon as an employee leaves, access to these systems should be revoked immediately.
Employees who illegally access company networks can find themselves in violation of the 1986 Computer Fraud and Abuse Act. That’s what happened to Robert Steele of Alexandria, Virginia, who used a secret administrative account to download proprietary documents from his former employer. He combed through thousands of documents while working for another contractor that competed for government work. He was convicted in May 2013 of unauthorized access to a protected computer.
Since the ultimate goal of the inside hacker is to access sensitive documents, you should protect them with a security policy that guarantees control at all times. Encrypting sensitive files and controlling who can access them provides a layer of security that works together with limiting network and server access. It’s important to monitor system access and limit it as needed, but many people have legitimate access to sensitive information. The accidental disclosure of information is just as prevalent as malicious intent.
Use a data-centric approach to lock your most important files. Applying rights management ensures ultimate control no matter where a file is located. This will prevent damage to your company and brand from unintentional or malicious activity.
Photo credit Brian Klug
