A brief review
Insider threat
Introduction
An insider threat is a threat to an organization that originates from its own people: an employee, a former employee, a business associate or a contractor who is familiar with the organization's security practices and with its work processes involving data handling and computers. Although insider incidents occur far less often than external hacking attempts, they are more destructive for businesses. According to the Bureau of Justice Statistics, cyber crimes made up only about 11% of crimes against businesses in 2008 but accounted for about 52% of the losses those businesses suffered. Another startling fact is that about 75% of those crimes were committed by insiders. Cyber crime by trusted insiders is a major problem because the perpetrator could be anyone from accounting staff to a senior executive. A further difficulty is that the crime is hard to recognize when the offense is carried out under legitimate authority. Managing insider threat is a major challenge, but a well-developed security policy can help mitigate the risk.
Summary
Detecting insider threat is a tough and challenging task, because those intent on causing harm are the very people who hold official authority and therefore enjoy trust. Greg Stephens, an information security engineer, emphasizes that humans have not changed; only the technology has. People have always had ego, a desire for revenge, personal ideologies, financial desperation and various forms of greed. What changes over time is the economic and technical environment in which they work. People with malicious intent look for opportunities and vulnerabilities to exploit, and insiders can carry out these threats in several ways and for any number of reasons. Although an insider's ordinary access credentials are often more than enough to commit the crime, some insiders still resort to password cracking and to exploiting whatever vulnerabilities and misconfigurations they can find (Deep dive, 2008). Predicting which individuals could become a threat is often impossible. Many disgruntled people who later become a threat even give explicit warnings of the damage they could do, yet because they are trusted by their superiors, these warnings of an impending betrayal are generally ignored. There is no simple personality model that indicates which kind of person is likely to commit an insider crime.
Companies can usually detect or prevent non-employees from accessing company data in any form; safeguarding data from unwanted outside access is comparatively feasible. The thief who has more opportunities to steal, and who is also harder to track down, is the employee with legitimate rights. A theft of intellectual property can go unnoticed by the company for months or even years. Employees sometimes take proprietary information with them when they are looking to change jobs. Competing businesses, or even a government, may place a spy inside a company to illegally acquire its proprietary information (FBI), or recruit an existing employee to do so.
Insiders have even threatened national security through security policy violations, theft, data destruction and malicious exploitation, and they have the potential to compromise networks, communications and other IT infrastructure. Organizations face the challenge of distinguishing normal behavior from behavior with malicious intent (Eberle and Holder, 2011), and need to develop the ability to mine their internal transactions and detect insider threats within them. Despite the immense stake, organizations invest mostly in protecting their data from outside attackers.
Another important aspect of insider threat in business is insider trading. Insider trading occurs when an employee who has access to privileged information as part of his or her job uses that information for personal gain. A company's earnings report, and developments that could affect its earnings, are released to the public at specified times and soon move its stock price. Insiders, however, can act on this information before the public learns of it, making larger profits or avoiding losses. Although there are laws to monitor and prosecute insider trading, it cannot be completely prevented or detected. Organizations' reporting procedures are required to comply with the Sarbanes-Oxley Act, which specifies the requirements and procedures for financial reporting. There have been several instances in which even top company officials have been charged with insider trading (SEC, 2001).
Most employees exhibit unintentional signs when they are under substantial pressure or feel that management is not treating them well. There are several signs an employee may exhibit when he or she is about to go rogue or when his or her loyalty is declining. These include:
- Appearing intoxicated at work
- Sleeping during work hours
- Repeated absenteeism on Mondays or Fridays
- Attempt to induce others into undesired activities
- Pattern of lying and deception of managers
- Pattern of disrespect for rules (Olzak, 2013)
Disgruntled employees often behave themselves in front of managers, so a problem employee's peers are probably the best monitoring tool an organization has. All employees should be trained to look for signs of discontent and be given a way to report it anonymously to management. The control framework for dealing with insider threat should include administrative, physical and technical components.
Preventing all cyber crime is impossible, since doing so would be tantamount to crippling legitimate business requirements. Many threats could be prevented if they were suspected early, but this rarely happens: a recent Verizon Data Breach Investigations Report determined that 86% of breaches were discovered by third parties rather than by the affected victim (Deep dive, 2008). Although insider threats cannot be ruled out entirely, they can be mitigated in several ways:
- Looking for unusual network traffic and host resource patterns, which can alert to unusual types or amounts of data being moved.
- Reviewing event logs, which can reveal unusual activity such as logins at odd times, accounts appearing suddenly, or login attempts through old accounts.
- Using data leak detection and prevention products to flag potential data leaks.
- Performing random audits on employees, which can reveal high-risk individuals.
- Enforcing role-based access control, which eliminates unnecessary access and grants only the minimum permissions required.
- Isolating domains to prevent unnecessary connections between workstations and servers.
- Establishing protocols for third parties so that they are bound by an acceptable use policy.
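The first two mitigations above (watching data volumes, and reviewing event logs for odd timings and long-dormant accounts) can be turned into a small, repeatable review. The script below is an added example written for this review, not code from the original page or any of its cited sources. It runs three checks over a constructed sample log (the log lines, the account directory, the business-hours window, the 90-day dormancy threshold and the upload-size thresholds are all assumptions made for the example): logins outside business hours, logins by accounts that have not been seen for a long time, and uploads far larger than the user's own earlier uploads. It then lists the users who triggered more than one finding, the kind of shortlist a random audit would start from.

```python
"""Review constructed login/upload events for insider-threat indicators.

Added example; the log format, thresholds and directory data are assumptions.
"""
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import mean

# Constructed sample events (not real logs). One event per line:
#   <ISO timestamp> <user> <event> <detail>
# where detail is the login source for "login" and the size in MB for "upload".
SAMPLE_LOG = """\
2013-04-01T09:12:04 alice login workstation-12
2013-04-01T09:40:11 alice upload 120
2013-04-01T13:05:30 bob login workstation-07
2013-04-01T13:20:00 bob upload 80
2013-04-01T23:47:19 alice login vpn
2013-04-01T23:55:02 alice upload 3500
2013-04-02T02:10:45 carol login vpn
2013-04-02T10:00:00 bob login workstation-07
2013-04-02T10:05:00 dave login workstation-03
2013-04-02T10:06:00 dave upload 4000
"""

# Assumed directory data: last recorded login for each account before this window.
# "carol" left months ago; her account should have been disabled but was not.
ACCOUNT_LAST_SEEN = {
    "alice": datetime(2013, 3, 29),
    "bob": datetime(2013, 3, 29),
    "carol": datetime(2012, 11, 2),
    "dave": datetime(2013, 3, 28),
}

BUSINESS_HOURS = range(8, 19)        # 08:00-18:59, assumed policy
DORMANT_AFTER = timedelta(days=90)   # assumed: an account unused this long is "old"
VOLUME_FACTOR = 3.0                  # assumed: flag uploads > 3x the user's usual size
LARGE_FIRST_UPLOAD_MB = 1000         # assumed: flag a first upload above this size


def parse(log_text):
    """Yield (timestamp, user, event, detail) for each non-empty log line."""
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, user, event, detail = line.split(maxsplit=3)
        yield datetime.fromisoformat(ts), user, event, detail


def review(log_text, last_seen):
    """Return a list of (timestamp, user, reason) findings in log order."""
    findings = []
    last_seen = dict(last_seen)          # copy: updated as logins are processed
    uploads = defaultdict(list)          # per-user sizes of earlier uploads
    for ts, user, event, detail in parse(log_text):
        if event == "login":
            if ts.hour not in BUSINESS_HOURS:
                findings.append((ts, user, f"login outside business hours via {detail}"))
            prev = last_seen.get(user)
            if prev is None:
                findings.append((ts, user, "login by account not in directory"))
            elif ts - prev > DORMANT_AFTER:
                findings.append((ts, user, f"login by dormant account (last seen {prev.date()})"))
            last_seen[user] = ts
        elif event == "upload":
            size = int(detail)
            history = uploads[user]
            if history and size > VOLUME_FACTOR * mean(history):
                findings.append((ts, user, f"upload of {size} MB vs usual {mean(history):.0f} MB"))
            elif not history and size > LARGE_FIRST_UPLOAD_MB:
                findings.append((ts, user, f"first observed upload is large ({size} MB)"))
            history.append(size)
    return findings


def high_risk_users(findings, min_findings=2):
    """Users with at least min_findings findings, sorted by name: an audit shortlist."""
    counts = defaultdict(int)
    for _, user, _ in findings:
        counts[user] += 1
    return sorted(u for u, n in counts.items() if n >= min_findings)


if __name__ == "__main__":
    results = review(SAMPLE_LOG, ACCOUNT_LAST_SEEN)
    for ts, user, reason in results:
        print(f"{ts.isoformat()} {user:6} {reason}")
    print("audit shortlist:", high_risk_users(results))
```

On the sample data the review flags alice's late-night VPN login followed by an upload roughly thirty times her earlier one, carol's off-hours login on an account dormant for five months, and dave's large first upload; alice and carol end up on the shortlist. The per-user baseline matters: a fixed size threshold alone would have missed alice, whose 3500 MB upload is only "unusual" relative to her own history.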
In addition, the FBI recommends regular education and training of employees on security and related protocols, and employees need convenient ways to report security-related developments (FBI, 2010). Security policies and protocols should be reviewed periodically, and whenever technology changes, to ensure they remain appropriate.
Conclusion
Cyber crime is among the fastest growing categories of crime against organizations, and a major proportion of it is carried out by insiders. With globalization and larger networks, businesses have improved their data handling and communication abilities, but the same capabilities are useful to insiders who misuse them; for instance, it is now easy to download large amounts of information and store it on a device such as a flash drive (MITRE, 2009). Despite this, organizations remain focused more on outsiders than on insiders. Managing insider threat is a major challenge for organizations. Although insider threats can almost never be ruled out entirely, precautionary measures reduce the risk, through a combination of physical and electronic barriers.
Cyber threat
Introduction
Cyberspace is becoming increasingly important to the world, bringing with it new possibilities and growth. It also brings a new form of threat, the cyber threat, which requires cyber security to confront it. Identifying the major weakness of any cyber security program is a matter of much controversy, because any element of cyberspace could be at risk, and given how interconnected those elements are, establishing the optimum level of cyber security is difficult. Cyber crimes such as identity theft take time to identify, and by the time they are known it could be too late. Cyber threats from criminal groups, hackers and terrorists affect not only computers and networks but also individuals and organizations at a personal, social, financial and legal level. Many crimes committed through the Internet are not new but are modifications of existing forms of fraud, trespassing or property destruction carried out through newer technology. Cyber crime legislation is a relatively new and developing field, and its effectiveness is limited by the characteristics of cyber crime.
Summary
Cyber threats have unique characteristics arising from the digital technology involved. Common forms of cyber crime include intellectual property theft, illegal copying of proprietary music or software, hacking, identity theft, distribution of malware, phishing, online prostitution and pornography, and cyber stalking. These crimes are often asymmetric, meaning that people with very limited financial or technical resources can attack and harm high-value targets. A successful attack can have disastrous consequences for an organization, and a single exploited vulnerability can trigger a series of ripple effects. The high degree of anonymity associated with cyber threats makes identifying an intruder very time consuming, if not impossible (Masters, 2011). Today's organizations, particularly those in the banking and financial sector, depend heavily on large networks and are therefore considerably exposed to infrastructure attacks (Rosenthall, 2003). Because anyone with a computer has the potential to cause harm, no suspect can be ruled out after a breach, and the victim and the perpetrator may be in different nations or even continents at the time of the attack. Cyber crimes are therefore compounded by jurisdictional problems, since they can be committed across geographical boundaries and time zones, and cyber crime legislation differs from country to country in what it treats as an offense, making apprehension and prosecution of the perpetrator difficult.
Organizations need to treat risk mitigation and management as an ongoing activity to counter cyber threats. A cyber security framework can only be established through the efforts of all stakeholders. Individual approaches, or a combination of them, can be adopted to form the best possible cyber security strategy; a comprehensive strategy drawing on several approaches is necessary to tackle cyber crime, since each approach contributes differently to cyber security and has its own strengths and weaknesses (Fischer, 2005). The risks and approaches include:
Careless employees: Malicious and untrained employees can be a serious threat to organizations, and employees are sometimes duped by social engineering attacks. The policies and procedures, training and technology an organization deploys all affect its exposure to this threat (Help net Security, 2012).
Social networking: People have begun to communicate through social media websites such as Facebook, Myspace and Twitter. These sites are exposed to identity theft and are also used to launch attacks such as spam and scareware. Their third-party applications are susceptible to attack as well when they are not monitored.
Mobile malware: Malware is the biggest organizational threat and can be installed on a system by several methods. Although it is mostly treated as a nuisance, it can be a major issue. Operating systems and third-party plug-ins are particularly susceptible.
Code review: Applications that contain bugs are vulnerable to attack. Developers need to code carefully so that security flaws are avoided before code is integrated into production. On-demand code review services can scan code to pinpoint flaws so that they can be fixed.
Cyber espionage: Cyber espionage is a long-standing threat that primarily targets governments and their agencies. It needs to be monitored closely, as espionage can be accomplished through malware that changes its own code to evade detection by anti-virus programs.
Cyber security weaknesses can be addressed by adopting standards and certifications, implementing best practices and guidelines, regular auditing and benchmarking, and education and training. Organizations should deploy precautionary measures such as biometric access controls, for example palm and retina scans. Employees should gain access to facilities only through magnetic access cards, and entry and exit points should always be under video surveillance. Organizations need rigid security measures in place even in the absence of any regulatory compulsion (Flat World Solutions, 2008). Cyber threats can only be countered by a combination of physical and electronic barriers. Fundamental precautions include searching the bags and belongings of everyone entering or leaving the facilities. Floppy drives and CD drives, which allow data to be copied and carried away, should be removed from workstations, and items on which data can be copied, such as pen drives, floppies and CDs, should not be allowed onto the premises. Some facilities go further: besides disabling media drives, they disable email and leave printers disconnected from the computers. Browsing habits, email attachments, spam, backups, unauthorized software, USB drives, social media and mobile devices are among the important factors associated with information security breaches (CCSK Guide, 2011).
Conclusion
The rapid development of computer technology has undoubtedly expanded the communications and information markets, but it has come with immense social and economic costs. The very technology that brings benefits through its useful capabilities is also sought for criminal purposes, and its advancement has ironically helped cyber criminals as well. Cyber crime evolves in step with technological development, and law enforcement personnel and cyber criminals are always trying to outdo each other, with the technical competence of the criminals mostly ahead of the agencies trying to control them. Identifying a major threat is a matter of controversy, since any element of cyberspace could be at risk, which makes it difficult to set up an optimum cyber security framework. There are considerable difficulties in apprehending and prosecuting cyber criminals. The best way for individuals and organizations to protect themselves is therefore to be alert and to adopt risk-mitigating cyber security strategies. Maintaining a safe and resilient cyberspace is vital to sustenance and growth. Cyber security is a shared responsibility, and new cyber threats require the coordinated engagement of entire communities, from governments to the public sector and the members of the public.
References
CCSK Guide (2011) Risky behavior: Data security practices in the workplace. Retrieved from
http://ccskguide.org/risky-behavior-data-security-practices-in-the-workplace/
Deep dive (2008) Defend your network from rogue employees. Retrieved from
http://webcache.googleusercontent.com/search?q=cache:hUKYMnkHKNoJ:resources.idgenterprise.com/original/AST-0059778_insiderthreat_netiq_v2.pdf+detecting+the+insider+threat+in+cyber+crime&hl=en&gl=in
Eberle W and Holder L (2011) Detecting insider threats using a graph-based approach. Retrieved from
https://docs.google.com/viewer?a=v&q=cache:rD6f9HjVDD8J:www.eecs.wsu.edu/~holder/pubs/EberleCAEWIT10.pdf+challenges+in+detecting+the+insider+threat+in+cyber+crime&hl=en&gl=in&pid=bl&srcid=ADGEEShKLm_zjbn7TlXV3Tg0Fczt1u-3X9Lj0kGobVaj5_2s5Ipp3RlkfbYdpToVMKajEJU09hTC_1eTjfHFJRAE7Yr4lGArdiW8fWE8hjyum5f_NQkQfvka1gNkcopz63aKdH9ihnz3&sig=AHIEtbRynrqGF8t-vwloseM3DJGyD0M5wg
FBI (2010) Counterintelligence. Retrieved from
http://www.fbi.gov/about-us/investigate/counterintelligence/the-insider-threat
Fischer E.A (2005) Creating a national framework for cyber security: An analysis of issues and options. Quoted in Choi L.V (ed) Cyber security and homeland security Nova Science Publishers (3-10) New York
Flat World Solutions (2008) Data privacy and security concerns in outsourcing [Electronic Version]. Retrieved from http://www.outsource2india.com/why_india/articles/data_privacy.asp
Help net Security (2012) Top 10 information security threats for 2010. Retrieved from http://www.net-security.org/secworld.php?id=8709
Masters J (2011) Confronting the cyber threat. Retrieved from http://www.cfr.org/technology-and-foreign-policy/confronting-cyber-threat/p15577
MITRE (2009) Insider threats: Countering cyber crime from within. Retrieved from http://www.mitre.org/news/digest/homeland_security/10_09/cyber_crime.html
Olzak T (2013) Insider threats: Implementing the right controls. Retrieved from
http://www.techrepublic.com/blog/security/insider-threats-implementing-the-right-controls/9105
Rosenthall B.E. (2003) How offshore providers ensure data security [Electronic Version]. Retrieved from http://www.outsourcing-offshore.com/opi.html
SEC (2001) Insider trading [Electronic Version]. Retrieved from
http://www.sec.gov/answers/insider.htm