Inside the insider

Three Coca-Cola employees were charged with stealing confidential information and samples of a new drink in the hope of selling them to competitor PepsiCo. Information is the lifeblood of the company. Carlo Minassian * knows this only too well as he is charged with the security of many companies’ data.

While we seem to be inundated with reports of data breaches similar to the Coca-Cola example above, we may not know the full extent of the problem. More than 80% of our clients have experienced at least one and possibly more unreported insider-related security breaches within their organisation.

Would you know if your email administrator or any one of your privileged IT staff was regularly reading your email and that of other staff such as the CEO? Well I can assure you that our experience shows that this kind of practice goes on undetected in seven out of 10 organisations that we monitor.

A lack of resources and leadership makes it difficult to address the insider threat. Speaking with our clients we have found out that the number one barrier to addressing this risk is a lack of sufficient resources, followed by a lack of leadership and finally ownership of managing insider threats. In most cases, the CEO does not even believe the insider threat is serious, while in contrast the IT and security staff believe that it should be taken seriously.

Insiders have two things that external attackers don’t: privileged access and trust. This allows them to bypass preventative measures, access mission-critical assets, and conduct malicious acts, all while flying under the radar unless a strong incident detection solution is in place. Some employees become malicious over time; others may be spies planted to conduct industrial espionage; while still others simply make mistakes that unknowingly put the organisation at risk.

A number of variables motivate insiders, but the end result is that they can more easily perpetrate their crimes than an outsider who has limited access.

So what is the root cause of insider threats? In most of the cases we have investigated it has been either due to accidental data leaks that occur because employees or contractors lack sufficient knowledge about preventive measures and they are simply careless. It could also be due to corporate sabotage because employees or contractors are malicious or disgruntled.

All security events need end-to-end management, but this is particularly relevant for insiders. Managing an insider can be a sensitive topic that is politically charged and it requires that policies and procedures be directly integrated into the solution. From case management, event annotation and escalation to reporting, auditing and access to insider-relevant information, the technical solution must be in line with the organisation’s procedures.

Insiders need to be addressed consistently, efficiently and effectively regardless of who they are. This process requires executive sponsorship and the involvement of major stakeholders such as human resources, legal, IT and management.

* Carlo Minassian is the founder and managing director of Earthwave, an Australian provider of security services. Since starting the company in 2000, Minassian has helped establish Earthwave as a leading national security service provider relied on by hundreds of Australian businesses every day as they interact on the internet and conduct business online.

Minassian has 15 years’ experience in the technology industry. He has extensive expertise with business and technical issues, combined with technical risk management and network security consulting experience, allowing the provision of a seamless service in the e-business and security arena. For the last 11 years Minassian has focused on computer related crime which has given him a realistic insight into the threats and risks associated with computers, networks and the internet - and an individual’s motivation for aggressive attacks.