Insiders — the invisible threat lurking in your office

With all of the focus in the business world recently related to hackers, we have tended to overlook a group of potential bad actors who have already penetrated our perimeter security, and have access to our facilities — our employees and contractors. While our security teams usually monitor firewall and intrusion prevention logs, the threat from insiders is, in many cases, completely ignored. 

While some insiders are intent on stealing data or damaging systems for profit or some other motive, many more expose their employers to harm just by making mistakes. Whether intent exists or not, the damage is just as bad. 

Just about everyone who has been in corporate IT for any length of time has been involved in an investigation of an insider. The most common scenario involves an employee who has been involved in a bad act for some time, and was only noticed when the bad activity reached a threshold, causing it to come to someone’s attention. This generates a frantic effort to quantify and remediate the damage. Unfortunately, by that time, the impact is usually big. 

According to the IBM publication The Year the Internet Fell Apart, in 2014, 31.5% of security incidents originated with malicious insiders, with another 23.5% coming from inadvertent actors. You don’t need to be really good at math to immediately recognize that more than half of our incidents are coming from the inside. 

With the great emphasis today in threat information sharing, often referred to threat intelligence, insider threats pose a particular problem. A Forbes sums up the problem rather well: “There is an overall lack of knowledge of insider threats, and the public and private sector cannot share what they do not know.” 

In a recent example, and Oregon sportsware company discovered that their former IT administrator had left backdoors into their systems. He is accused of accessing their network via the backdoors over 700 times to benefit his new employer. Unfortunately, there are all too many similar examples, and those are just the ones we know about. 

Much of our challenge is today’s environment is our mobile workforce. A large percentage of the workforce is making use of mobile devices to do their jobs, and their employers are hard pressed to properly control such devices. In a recent study by Apricorn, more than half of the companies surveyed said that it was now too hard to manage the technology their employees use, and 35% found that the tools necessary to secure mobile devices were too expensive for them to deploy. 

So, should we concede defeat and just ignore the risks posed by insiders, and focus instead on outside actors? I would suggest otherwise, because while the challenge is big, it is not impossible. Consider the following: 

Use mobile management software

As respondents to the Apricorn study mentioned above said, mobile management software can be expensive. I would suggest however that it is less expensive than a single major data breach. There are a variety of tools available to control employee mobile devices, and they provide essential features such as encryption, secure email, and remote wipe of corporate data. My favorite such tool is VMware AirWatch. 

Once you have mobile management technology in place, you must take a hard line in requiring employees to immediately report lost or stolen devices. Such losses happen to all of us, so there should be no embarrassment. Prompt notification allows devices to be wiped remotely, preventing exfiltration of data. 

Encrypt laptops

Laptops are lost and stolen very frequently. I recently dealt with the theft of three laptops from a rental car being used by employees at a customer site. All of the laptops had customer data, and based on surveillance video, were gone in a matter of seconds, in broad daylight in a visible public parking lot.

The only way to keep laptop data safe is to encrypt the data on the hard drive. For most users, this is as simple as enabling BitLocker, which is included with Windows, or FileVault, which is part of MacOS. 

Control access

Carefully controlling what systems and data your employees have access to can significantly reduce your risk of data loss. Employees should only have access to the information necessary to do their job, and no more.

Some years ago, a now defunct computer manufacturer, in an effort to sell the importance of user access control, adopted the tag line “stinginess with privilege is kindness in disguise.”  While a bit of a cliché, it is all too true. 

Disable departed employees

I suspect if most companies audited their current employee lists against their active users, they would be shocked to learn that there were more active users than employees. It is all too easy to forget to disable access when an employee leaves, but the consequences can be disastrous. Proper access termination is just as important for people who voluntarily resign, as it is for those who are terminated. A simple departure checklist can make the process very manageable. 

It is ironic that, with all of the focus on outside bad actors and hackers, we tend to ignore those in the inside. Our tendency is to trust them as part of our corporate family. Unfortunately or accidentally they let us down too often.

To controls your security and protect your data, look inside your walls first, before you worry about those on the outside.