Government Technology

Internal Attacks: How to Protect Your Data

November 18, 2009 By

A consultant -- about to be let go - installed a logic bomb in a script in one of his employer's servers. Luckily it was found before any damage was done. Had it not been found, it would have shut down thousands of data center servers. While few employees -- even those under threat of firing or layoff -- would do such a thing, Ron Koch, Ernst and Young's security competency leader, told Government Technology that the economic downturn has the potential to increase the possibility of insider attacks motivated by workforce reductions. And even one disgruntled former employee with access can create havoc, especially if budget reductions have curtailed security.

In a recent security survey by Ernst and Young, 25 percent of respondents witnessed an increase in internal threats and 13 percent reported an increase in internally perpetrated fraud. "Employees might not feel the same level of loyalty to the company as they had in the past because they feel that their job may be in jeopardy. I think a lot of it has to do with the uncertainty that they may be feeling in their jobs or they may have become a victim of workforce reduction," Koch said.

Have a Plan

The key to mitigating these risks is to have a formal response -- an effective, functioning, mature plan put in place well before an event happens. The day before an organization plans to downsize is too late. Agencies and organizations should have a documented set of procedures and assigned responsibilities that get executed in the event of a workforce reduction. Organizations should also have strong controls around identity and access management. It is important to understand the access that each employee has and to have an automated procedure to rapidly disable that access so that a terminated employee can't misuse it.

"In a lot of organizations, users have much more access than they really need for their jobs. Employees who have been with the organization for a long period of time tend to accrue access over time that never gets taken away. Organizations should inventory the access that each employee currently has and see if it's really necessary and if not, take it away. This was you can at least limit the scope of an attack that a person could execute," Koch said.

Data Protection and Data Leakage Prevention

Another aspect of IT security that Koch believes is still not quite mature in its deployment yet is data protection and data leakage prevention. Those tools would help prevent the inappropriate or unauthorized copying of data to removable media, personal devices, or transmission of that data across the network or via e-mail. "I think good logging and monitoring is very important to be able to either detect an attack in process or at the very least be able figure out what happened after an attack and provide forensic evidence if necessary for prosecution or action after the fact," Koch said.


| More


Add Your Comment

You are solely responsible for the content of your comments. We reserve the right to remove comments that are considered profane, vulgar, obscene, factually inaccurate, off-topic, or considered a personal attack.

In Our Library

White Papers | Exclusives Reports | Webinar Archives | Best Practices and Case Studies
McAfee Enterprise Security Manager and Threat Intelligence Exchange
As a part of the Intel® Security product offering, McAfee® Enterprise Security Manager and McAfee Threat Intelligence Exchange work together to provide organizations with exactly what they need to fight advanced threats. You get the situational awareness, actionable intelligence, and instantaneous speed to immediately identify, respond to, and proactively neutralize threats in just milliseconds.
Better security. Better government.
Powering security at all levels of government with simpler, more connected IT.
Cybersecurity in an "All-IP World" Are You Prepared?
In a recent survey conducted by Public CIO, over 125 respondents shared how they protect their environments from cyber threats and the challenges they see in an all-IP world. Read how your cybersecurity strategies and attitudes compare with your peers.
View All

Featured Papers