Government Technology

Internal Attacks: How to Protect Your Data



November 18, 2009 By

A consultant -- about to be let go - installed a logic bomb in a script in one of his employer's servers. Luckily it was found before any damage was done. Had it not been found, it would have shut down thousands of data center servers. While few employees -- even those under threat of firing or layoff -- would do such a thing, Ron Koch, Ernst and Young's security competency leader, told Government Technology that the economic downturn has the potential to increase the possibility of insider attacks motivated by workforce reductions. And even one disgruntled former employee with access can create havoc, especially if budget reductions have curtailed security.

In a recent security survey by Ernst and Young, 25 percent of respondents witnessed an increase in internal threats and 13 percent reported an increase in internally perpetrated fraud. "Employees might not feel the same level of loyalty to the company as they had in the past because they feel that their job may be in jeopardy. I think a lot of it has to do with the uncertainty that they may be feeling in their jobs or they may have become a victim of workforce reduction," Koch said.

Have a Plan

The key to mitigating these risks is to have a formal response -- an effective, functioning, mature plan put in place well before an event happens. The day before an organization plans to downsize is too late. Agencies and organizations should have a documented set of procedures and assigned responsibilities that get executed in the event of a workforce reduction. Organizations should also have strong controls around identity and access management. It is important to understand the access that each employee has and to have an automated procedure to rapidly disable that access so that a terminated employee can't misuse it.

"In a lot of organizations, users have much more access than they really need for their jobs. Employees who have been with the organization for a long period of time tend to accrue access over time that never gets taken away. Organizations should inventory the access that each employee currently has and see if it's really necessary and if not, take it away. This was you can at least limit the scope of an attack that a person could execute," Koch said.

Data Protection and Data Leakage Prevention

Another aspect of IT security that Koch believes is still not quite mature in its deployment yet is data protection and data leakage prevention. Those tools would help prevent the inappropriate or unauthorized copying of data to removable media, personal devices, or transmission of that data across the network or via e-mail. "I think good logging and monitoring is very important to be able to either detect an attack in process or at the very least be able figure out what happened after an attack and provide forensic evidence if necessary for prosecution or action after the fact," Koch said.

 


| More

Comments

Add Your Comment

You are solely responsible for the content of your comments. We reserve the right to remove comments that are considered profane, vulgar, obscene, factually inaccurate, off-topic, or considered a personal attack.

In Our Library

White Papers | Exclusives Reports | Webinar Archives | Best Practices and Case Studies
Best Practice Guide for Cloud and As-A-Service Procurements
While technology service options for government continue to evolve, procurement processes and policies have remained firmly rooted in practices that are no longer effective. This guide, built upon the collaborative work of state and local government and industry executives, outlines and explains the changes needed for more flexible and agile procurement processes.
Fresh Ideas In Online Security for Public Safety Organizations
Lesley Carhart, Senior Information Security Specialist at Motorola Solutions, knows that online and computer security are more challenging than ever. Personal smartphones, removable devices like USB storage drives, and social media have a significant impact on security. In “Fresh Ideas in Online Security for Public Safely Organizations,” Lesley provides recommendations to improve your online security against threats from social networks, removable devices, weak passwords and digital photos.
Meeting Constituents Where They Are With Dynamic, Real-Time Mobile Engagement
Leveraging the proven and open Kofax Mobile Capture Platform, organizations can rapidly integrate powerful mobile engagement solutions across the spectrum of mobile image capture, mobile data capture and complete mobile process integration. Kofax differentiates itself by extending capture to mobility, supporting multiple points of constituent engagement. Kofax solutions dynamically orchestrate the user’s mobile experience from a single platform—reducing time to market, improving process perf
View All

Featured Papers