Despite taking precautions to secure computer networks, organizations can still be at great risk if they lack measures that protect them from their own employees, a danger known as the insider threat. According to a computer crime survey by the FBI, 44 percent of organizations reported insider attacks in 2005, out of 2,066 organizations surveyed.
An insider threat occurs when the security of a system or network is compromised from within, as opposed to attacks from outside the system. This can take place in the following forms:
- Deliberate leaks of information by employees
- Acts by disgruntled employees (Employees about to be fired may delete data, render parts of the system inoperable, or take classified information and data with them when they leave the organization.)
- Attempts by employees to extort pay raises or prevent severance using these threats
- Leaks by friends or relatives who have access to employee computers
Acts range from fraud or theft of information to sabotaging the entire network or system. Losses related to insider attacks have been as much as $700 million. In addition to financial damage, organizations can lose the trust of customers.
Organizations have difficulty dealing with insider threats. Standard system defenses, such as firewalls, intrusion detection systems (IDS), and anti-virus software, as well as physical controls on access to buildings and computers, do not offer protection because employees are already inside the network and within the circle of trust. Adding to the difficulty, insiders can be well aware of the organization’s policies and any loopholes.
The number of reported cases is a small fraction of what actually occurs. Typically, when an organization’s security is breached by an insider, the incident is handled quietly to avoid publicity. As a consequence, these employees may move on to another job and repeat the procedure. Companies that do not conduct background checks when hiring system administrators or management information systems specialists could end up employing convicted hackers or hackers with felonies on their records.
Preventive practices
Organizations that try to prevent insider threats take some of the following security measures:
- Use "Access Control Lists" to police the amount of information and data that employees can access.
- Adopt policies that forbid the use of work computers for personal use.
- Use encryption internally as well as externally to prevent unauthorized access.
- Have tight controls over how employees use computers. For example, some organizations restrict email attachment sizes and run port scans that check what network software is running on employees’ computers. They may monitor the Internet activities of their employees and prevent access to some Web sites.
- Conduct stricter background checks on job candidates.
Through more effort to prevent threats, organizations may one day better understand the reasons behind insider threats and why they are so prevalent.
References
- The Insider Threat to Information Systems
- Insider Threat Statistics (Schneier on Security)
- Insider Threat Research (CERT)
- 2005 FBI Computer Crime Survey (PDF)