People, Policies Catch Insiders

Monday, October 29, 2012 @ 04:10 PM gHale

Businesses that build close relationships with employees and had regular habits regarding intellectual property tend to have greater success at protecting their business’ valuable data, a new study shows.

The most effective companies identified their important data, established strong ties with employees, spearheaded cross-disciplinary security efforts, and enforced policy with technology, according to the report by security firm Impervia.

Govt Report: Record Exposure Booms
Philips Hit for Second Time in Month
Sony Hacked Again
Sony Hack: LulzSec Suspect Busted

“Insider threat management is part psychology and part technology,” said Rob Rachwald, director of security for data-security firm Imperva. “There is a recognition that people work with data and intellectual property, but that they don’t have a sense of respect for it in the same way that you would have a sense of respect for somebody’s wallet.”

While less frequent than external attacks, insider threats tend to cause more damage, especially if the insider has privileged access to important data. A study of breach costs released in March by the Ponemon Institute found negligent insiders — one form of insider threat — was the leading cause of data breaches in the United States, accounting for 39 percent of breaches.

The following are the top insider security habits:
1. Educate employees in business’ ethics
Businesses need to teach employees to think the same way about information assets as the firms’ management because most employees do not have the same viewpoint as their companies. In one study conducted in London, for example, 44 percent of the people surveyed planned to take either customer or intellectual-property data with them when they left their jobs.

No reminder is as important as when the employee is leaving: Some companies draft strongly worded legal reminders to workers that, if their sensitive data ends up at the employee’s new company, the old company would hold the employee accountable. Making sure the company labels confidential data acts as a good reminder as well.

2. Monitor employees, but let them know it
One area that technology can help is in monitoring employees’ access to sensitive corporate data. While secretly monitoring employees can catch the rogue insider, frequent, yet subtle reminders to employees the company is logging certain activities is also a good way to prevent incidents in the first place.

3. Add nontechnologists to security teams
Companies that performed best in dealing with insiders also had security teams that did not have all technologists. By combining human-resource, legal, and business experts along with risk and security professionals, a more well-rounded and effective team resulted.

Having such depth in a security team can also help the group better make the case for security as profit center, not a cost center, Rachwald said.

4. Look for aberrations
Another place that technology can help is in the search for the odd blips that signal an employees is doing something dangerous to the organization. By monitoring logs of the servers where data resides, companies can catch insiders trying to steal data or just making a poor security decision.

5. Help them understand the business
While companies should teach employees corporate policy and good security hygiene, it’s also important for the security teams to understand what is important to the business. Security groups should talk to the head of each of the business units and ask questions aimed at defining their risk: What would a competitor do with some sensitive information? What would happen if an employee walked out with these 50,000 records?

Leave a Reply

You must be logged in to post a comment.