When it comes to IT security, the biggest risk is more real—and closer to you—than you might think. Recent studies show that insider security breaches are not only one of the most common types of attack, they are also the most expensive.
What is an insider attack?
An insider attack is one that is carried out by a person or persons who have authorized system access. It could be malicious,or it could be due to an innocent mistake of some sort. One classic example is that of a disgruntled employee who is planning on moving to a competitor company and decides to take confidential customer information along.
In a recent case, as of software developer went to extraordinary lengths to fool his employer by outsourcing his own job to a counterpart based in China. Thanks to the coding skills of his Chinese proxy, the employee in question managed to free up his day, enabling him to surf the internet and watch online videos. As a result, he received amazing quarterly reviews and was regarded as the best developer the company had. Eventually he was caught, but what is surprising is that he got away with it for a considerable period of time.
Insider attacks are—and always have been— one of the toughest types of security risks to deal with. Having the right procedures and measures in place is extremely important.
Here are some of the more common methods employed for IT security:
1. Multi-factor authentication
Multi-factor authentication (MFA) requires two or more steps in the authentication process, such as a username and password plus a code sent to a cell phone. MFA is not going to protect against an insider that knows what they are doing, but it can help prevent against classic mistakes that employees make, like leaving a password lying around or using an access code that is easily deciphered.
2. Data security
Encrypting data can go a long way toward censuring that information is of no value to third parties, should it fall into the wrong hands. Most IT providers encrypt data in transit, and some also offer the option to encrypt data at rest. The other side of data security is physical. The data center environment should be in conspicuous and secure, and all access should be audited.
Another way to help thwart inside attacks is by searching for abnormal workflow patterns. This can be a challenge depending on the type of business, however by examining and recording normal behavior, it can become clear when workflows go beyond the boundaries of normal practices.
It doesn’t matter how much effort you put into ensuring outsiders are kept away from your company’s confidential information, there will always be a danger of inside attacks. However, the risk can be minimized by placing your IT infrastructure in to the hands of service providers that are practiced cyber security professionals. By ensuring that policies and procedures are implemented and monitored, you can substantially reduce the like likelihood of insider attack.
While poorly managed IT can contribute to a high risk of insider threat, a well-managed and secure environment offers the latest in defense mechanisms against an age old security risk.