Insider Threats Giving IT Execs Nightmares

By Sharon Gaudin | Nov 4, 2005
http://www.enterprisenetworkingplanet.com/netsecur/article.php/3561941/Insider-Threats-Giving-IT-Execs-Nightmares.htm

A network engineer at a Kansas City company says he's just as worried about threats to his company's network coming from inside the corporate walls as he is about any hacker busting through the perimeter.

"Once you're already inside that firewall, you're considered trusted," says Josh Herr, network engineer at Ladlaw Transit Services, an outsourcing company that handles bus scheduling and routing services. "You've always got to worry... We're in the process of putting firewalls between the front end and the back end of the system to alleviate that concern. The back-end system will have a completely separate firewall network. It will keep people internally from getting through."

According to a new survey, Herr isn't alone in his concerns.

Sixty-nine percent of 110 senior executives at Fortune 1,000 companies say they are 'very concerned' about insider network attacks or data theft, according to a study by Caymas Systems, a network security technology firm based in San Jose, Calif. And 25 percent say they are so concerned they can't sleep at night, Sanjay Uppal, a vice president at Caymas Systems, told eSecurityPlanet.

Only 13 percent say they are not worried at all.

And Uppal says if they're not, they should be.

"I think they should definitely be worried," he adds. "The people who are not worried just haven't been hit yet. They have a false sense of security."

What's worrying Herr is the number of outside contractors who are on his network. "A lot of [the worry] is about the people who are coming into our network for short periods of time, such as auditors and contractors," says Herr. "We're not in charge of those PCs."

Uppal claims 30 percent of people who come in and work on your average network every day are temporary workers. And that brings up specific threat concerns. But he also says that IT and security administrators should not forget about permanent workers and the havoc they can wreak. After all, who knows better where critical information is stored or what the boss' password might be, than someone who works in the company?

And if a worker is unhappy about not receiving a bonus or feels slighted for any other reason, she just might be disgruntled enough to want to cause the company some serious damage.

"As we can see in the media more and more, the concept of a company really taking care of its people -- that bond is less and less secure," says Uppal. "If a company doesn't take care of its people, then the workers won't have that much loyalty either."

Security from the Inside
Uppal says insider security threats definitely need to be dealt with... and quickly. But it's not an easy problem to solve.

"People coming from the outside all come from one place," he explains. "People on the inside are coming in from many many places -- the conference room, their desks, at home on their laptops. It's actually a problem that's not all that easy to tackle."

The first step, according to Uppal, is to rein in the temporary workers and people who are coming in as guests to the company. "Someone might come in for a meeting, find an open jack in a conference room, then plug in, and they're off and running," he says. "People should install barriers or hurdles, access controls on the network. The software would scan the laptop and then realize it's not an authorized machine. It would then ask for a user name and password to distinguish that this person should not be there."

Uppal also recommends that workers be limited as to what parts of the network they can access. Someone working in production shouldn't be able to access financials. And someone working in the financial department shouldn't be able to access personnel records and reviews.

"We hear a lot about viruses or hackers coming in through the perimeter," Uppal says. "We don't hear what's going on inside the network. People don't want to admit that it's a problem."

Article courtesy of eSecurityPlanet.com