
Stop Malware Before Data Breaches Damage Your Business

As intriguing as the idea of a mysterious cyber-criminal hacking his way into a corporate network sounds, the majority of data breaches are the work of insiders.

An employee copies data to a USB device and leaves it in a cab; a contractor misplaces a CD with customer information—these are common causes of data breaches. But sometimes, it is not an accident, and rather than a master criminal scaling the network perimeter it’s a sullen systems administrator causing the havoc.

Technology can’t detect it

Dawn Cappelli knows that well. As the technical lead of CERT’s insider threat research at Carnegie Mellon’s Software Engineering Institute, she has analysed 450 cases of malicious insiders in search of common threads that businesses can use to develop security strategies. Activity by malicious insiders, she said, can be broken down into three categories: IT sabotage, theft of IP (intellectual property) and fraud.

“If you look at these crimes, you can’t detect it with technology alone because a system administrator is going to use his authorised access to do what he does every day and you can’t tell if it’s malicious or not unless you know when to look,” Cappelli said. “Theft of IP; these people are going to take what they work on every day. They are going to use their authorised access. Unless you put a strategy together that looks at the people, the process and the technology, it’s going to be very hard to detect these things.”

In the case of IT sabotage, these incidents are typically committed by someone such as a systems administrator who has privileged access, she said, adding that many of these crimes occur after the person has been terminated. The person will often create a back-door account—an act unlikely to raise red flags since it is not abnormal for administrators to create accounts—so as to be able to enter the network remotely later on. Detecting these types of situations relies on a mix of technology and people, starting with communication between human resources and IT when a disgruntled employee is about to be terminated and warrants closer attention.

“In all of these cases that we have of insider IT sabotage, we don’t have a single case where people said, ‘Oh, he was such a nice guy I can’t believe he ever would have done anything like that,’” Cappelli said. “In all of these cases, it’s the person who, they don’t get along with people, they cause trouble at work … and soon as you see somebody who’s disgruntled you can’t immediately say, ‘Uh-oh, you know what, they might attack.’ You’re looking for this escalation where it gets worse and worse and they don’t get over it like most people do.”

A job for HR and IT?

Communication between human resources and IT can only go so far, of course. Technologies such as logging, activity monitoring and change management also have a key role to play.
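The back-door account scenario described above can be checked by joining an HR termination feed with account-management logs. The sketch below is an added example, not part of the original article or of CERT's research; the log format, account names, dates and the 30-day look-back window are all constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed HR feed (hypothetical names): administrator -> termination date.
HR_WATCHLIST = {"jdoe": datetime(2024, 3, 15)}

# Constructed audit log, assumed format "timestamp|actor|action|target".
AUDIT_LOG = """\
2024-01-10T09:12:00|jdoe|account_create|svc_backup
2024-03-04T22:41:00|jdoe|account_create|svc_maint2
2024-03-05T10:02:00|asmith|account_create|new_hire01
2024-03-15T17:00:00|hr_sync|account_disable|jdoe
2024-03-20T02:13:00|svc_maint2|remote_login|vpn-gw
2024-03-21T09:00:00|new_hire01|remote_login|vpn-gw
"""

REVIEW_WINDOW = timedelta(days=30)  # assumed look-back before termination


def parse(log):
    """Yield (timestamp, actor, action, target) for each log line."""
    for line in log.strip().splitlines():
        ts, actor, action, target = line.split("|")
        yield datetime.fromisoformat(ts), actor, action, target


def review(log, watchlist, window=REVIEW_WINDOW):
    """Return (accounts to review, logins after the creator's termination)."""
    created_by = {}  # account name -> administrator who created it
    suspects, logins = [], []
    for ts, actor, action, target in parse(log):
        if action == "account_create":
            created_by[target] = actor
            term = watchlist.get(actor)
            # Account created by a watch-listed admin shortly before leaving.
            if term and term - window <= ts <= term:
                suspects.append(target)
        elif action == "remote_login" and actor in created_by:
            creator = created_by[actor]
            term = watchlist.get(creator)
            # The account outlived its creator's employment and is in use.
            if term and ts > term:
                logins.append((actor, creator, ts.isoformat()))
    return suspects, logins


if __name__ == "__main__":
    print(review(AUDIT_LOG, HR_WATCHLIST))
```

Neither list proves malice on its own; each is a prompt for IT to ask who owns the account and whether it should still exist.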

Typically, “when we see an insider employee involved in a breach, we see that privileges and user rights have not been well-defined, and that the employee has a toxic combination of privileges that allows them access to data that is not required to perform their job,” said Thom VanHorn, vice president of global marketing at Application Security. “Implementing best practices and setting up privileges and user rights that provide only the access necessary for the employee’s daily job tasks as well as continuously monitoring user rights goes a long way toward preventing insider attacks.”


Brian Prince eWEEK USA 2014. Ziff Davis Enterprise Inc. All Rights Reserved
