What your business needs to know about insider attacks

Kathleen Hall

Wednesday 29 October 2014

When it comes to preventing cyber-attacks, most companies concentrate their efforts on tooling up against external threats. But this often means neglecting the more insidious threats from within.

In many ways, insiders have greater potential to do harm than external attackers, as they have authorised access to systems and a wider knowledge of the company’s network.

At the end of last month, the FBI warned organisations of an increase in computer-network exploitation and disruption by disgruntled and/or former employees. It cited examples of individuals using their access to destroy data, steal proprietary software, obtain customer information and gain a competitive edge at a new company.

An ongoing problem

The increasing use of cloud storage has facilitated theft of proprietary information, with former employees continuing to access computer networks through the installation of unauthorised remote desktop protocol software.

The warning comes as companies report feeling less equipped to deal with insider attacks compared with two years ago. Of 700 executives surveyed in 2013, 54 per cent said insider threats were more difficult to prevent than in 2011, with only 21 per cent saying the situation had improved, according to IT research firm Enterprise Strategy Group (ESG).

But there are a number of steps organisations can take to prevent insider attacks. The first and most obvious is to put “granular access controls” in place in order to restrict access to sensitive information. This means that IT administrators should be limited to only the data necessary to get their jobs done, according to ESG.

What you can do

Companies should also put continuous monitoring tools in place to track data access and usage. This could include automated alerts and centralised logging tools to indicate signs of suspicious behaviour, such as employees sending unusually large files outside the organisation.

All sensitive data should be protected with encryption technology to prevent tampering and data breaches. The FBI also recommends employees change their corporate-account passwords regularly. In many instances, default passwords are provided by IT staff and never changed.

And along with closing any accounts that individuals don’t need in order to perform their daily tasks, companies should ensure they immediately terminate all accounts associated with an employee or contractor upon dismissal.
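
The monitoring and account-termination checks described above, as an added example that is not part of the original article: it scans a centralised log of outbound transfers for sizes far above each account's own baseline and for any activity after dismissal. The log records, account names, dismissal feed and the ten-times-median threshold are all constructed assumptions.

```python
from datetime import datetime
from statistics import median

MB = 1_000_000

# Constructed sample data (not from the article): centralised log of
# transfers leaving the organisation as (timestamp, account, bytes_sent).
SAMPLE_LOG = [
    (datetime(2014, 10, 1, 9, 0), "asmith", 2 * MB),
    (datetime(2014, 10, 2, 9, 0), "asmith", 3 * MB),
    (datetime(2014, 10, 3, 9, 0), "asmith", 2 * MB),
    (datetime(2014, 10, 7, 23, 0), "asmith", 900 * MB),
    (datetime(2014, 10, 8, 9, 0), "asmith", 2 * MB),
    (datetime(2014, 10, 14, 9, 0), "bwong", 1 * MB),
    (datetime(2014, 10, 15, 9, 0), "bwong", 1 * MB),
    (datetime(2014, 10, 21, 9, 0), "bwong", 1 * MB),
]
# Constructed HR feed: account -> time of dismissal.
TERMINATED = {"bwong": datetime(2014, 10, 20, 17, 0)}


def find_alerts(log, terminated, factor=10, min_history=3):
    """Return (timestamp, account, reason) for each suspicious record."""
    history = {}  # account -> sizes of earlier, unflagged transfers
    alerts = []
    for ts, account, size in sorted(log):
        # Any activity after dismissal means the account was not closed.
        end = terminated.get(account)
        if end is not None and ts > end:
            alerts.append((ts, account, "activity after termination"))
        # Compare the transfer with the account's own typical size.
        past = history.setdefault(account, [])
        if len(past) >= min_history and size > factor * median(past):
            alerts.append((ts, account, "unusually large transfer"))
        else:
            # Flagged transfers are kept out of the baseline so one
            # large upload cannot raise the threshold for the next.
            past.append(size)
    return alerts


if __name__ == "__main__":
    for ts, account, reason in find_alerts(SAMPLE_LOG, TERMINATED):
        print(ts.isoformat(), account, reason)
```
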

There is no silver bullet for security threats, but by taking a number of steps to shut out opportunistic attacks, companies stand a better chance of protecting their most important assets.