
DEVELOPMENTS in Information and Communications Technology (ICT) and growing dependencies on information systems have made it more difficult to protect and defend confidential and critical data.
And, if defending against intruders and their increasingly sophisticated and powerful tools isn’t bad enough, ICT security professionals also have to deal with attacks involving people from within the organisation who already have access to the computer systems.
These people take advantage of their knowledge and access privileges to infiltrate networks.
Apart from disgruntled employees wishing to express anger or outrage, these insiders may also have other intentions such as stealing information for competitors.
A report by the US Secret Service (USSS) and the Computer Emergency Response Team Coordination Centre (CERT/CC) on cases between 1996 and 2002 shows that the most common insider cases involve sabotage, followed by fraud and information theft, mostly in the banking and finance sectors.
These threats become greater with the increase in outsourcing activities that involve contractors or suppliers who need privileged access to critical information such as company accounts, employee data, system configurations, and others.
Carelessness also leads to certain unprivileged users gaining access to sensitive data after having obtained access information such as usernames and passwords.
This is often done by “shoulder surfing” or watching for username and password pairs entered by other users.
Best practices
Organisations should take preventative measures to protect against threats before they harm the entire operation, and should adopt certain best practices.
Here are several recommendations that can and should be implemented:
Screening employees
Organisations should screen or conduct background checks on employees, especially those responsible for areas with critical and confidential information, by studying their backgrounds and personalities.
Password and account management
A strict password and account management policy should be implemented to ensure that only eligible personnel can access the network.
Also, upon resignation or termination, a former employee’s access account must be deactivated immediately.
Security awareness training
Employees should be aware of and understand the issues of information security in their organisations.
Organisations should educate their staff on how their actions can threaten the enterprise.
Periodic security awareness training is needed to increase staff knowledge of information security topics such as desktop security and password management.
Monitoring and audit
Organisations should employ system monitoring or logging to observe and audit system use, especially for employees who can access the network remotely.
This system must look for irregularities or changes to sensitive information and data.
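One way to check two of the recommendations above together (immediate deactivation of a former employee's account, and monitoring of logins including remote ones), shown as an added example that is not part of the original article. The log format, field names, usernames and leaver records are constructed for illustration.

```python
from datetime import datetime

# Constructed sample data (assumptions, not from the article):
# HR leaver records (user -> termination time) and authentication log lines.
LEAVERS = {"asmith": "2024-03-01T17:00:00", "bwong": "2024-03-10T09:00:00"}
AUTH_LOG = """\
2024-03-01T08:12:03 asmith LOGIN_OK src=10.0.4.21 via=console
2024-03-02T23:41:10 asmith LOGIN_OK src=203.0.113.7 via=vpn
2024-03-05T10:02:44 cjones LOGIN_OK src=10.0.4.30 via=console
2024-03-11T02:15:00 bwong LOGIN_FAIL src=198.51.100.9 via=vpn
2024-03-12T02:16:30 bwong LOGIN_OK src=198.51.100.9 via=vpn
malformed line without fields
"""

def parse_line(line):
    """Return (timestamp, user, event, attrs), or None if the line is unparseable."""
    parts = line.split()
    if len(parts) < 3:
        return None
    try:
        ts = datetime.fromisoformat(parts[0])
    except ValueError:
        return None
    attrs = dict(p.split("=", 1) for p in parts[3:] if "=" in p)
    return ts, parts[1], parts[2], attrs

def post_termination_activity(log_text, leavers):
    """Flag every authentication event by a leaver after their termination time."""
    cutoff = {u: datetime.fromisoformat(t) for u, t in leavers.items()}
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # skip damaged lines instead of aborting the audit
        ts, user, event, attrs = rec
        if user in cutoff and ts > cutoff[user]:
            # A successful login means the account was never deactivated;
            # a failed one means the old credentials are still being tried.
            severity = "HIGH" if event == "LOGIN_OK" else "MEDIUM"
            remote = attrs.get("via") == "vpn"
            findings.append((severity, user, ts.isoformat(), attrs.get("src"), remote))
    return findings

if __name__ == "__main__":
    for finding in post_termination_activity(AUTH_LOG, LEAVERS):
        print(finding)
```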
Backup and recovery
To avoid the loss of important data due to accidental deletion or file corruption, a proper backup and recovery strategy should be implemented to ensure the organisation’s information systems are functioning even in the event of an attack.
Conclusion
Threats from intruders within the organisation can cause plenty of damage to a company’s computer systems, financial data, business operations and, ultimately, reputation.
As such, these organisations should take preventive measures.
Without firm restrictions and policy enforcement, insider attacks can have far reaching and deeply devastating effects on any business.





