April 29, 2008
Help Customers Guard Against Insider Security Threats
What type of security threat is currently keeping government intelligence officials in the U.S. and abroad up at night? It’s not the ever-growing army of rogue and state-sponsored hackers who use brute force to storm through firewalls. It’s something that’s often even harder to defend against—untrustworthy insiders.
The rising specter of insider security breaches is causing a fundamental shift in how organizations are now protecting their information, says Brian Contos, chief security officer for ArcSight and author of the book Enemy at the Water Cooler, which profiles a number of real-life insider incidents.
Protecting against external threats is still important, “but the ‘bad guys’ are finding that their return on investment for brute force hacking from the outside isn’t that great, so their focus now is more on recruiting insiders,” Contos explains.
Why would someone inside an agency or commercial company willingly give up sensitive information? Not surprisingly, the prime motivation in most cases is financial gain. What is remarkable, however, is how little it takes to convince someone to flip. “We are talking $5,000, $10,000, $15,000, maybe $20,000. Not huge sums of money,” he says.
And what are the best defenses? Contos suggests looking for tell-tale signs of problems that by themselves are innocuous, but contribute to a larger picture of vulnerability. One important area to investigate is print logs, he says.
“Most people would think, ‘How interesting, let’s watch what people are printing,’” he says with an ironic tone. But behind this outwardly dull activity is one of the best tools for understanding what’s happening inside the firewall.
Focus not only on what’s being printed (a sensitive financial report, for example) but also on who printed it and when. Other questions to ask: Does the person’s job authorize access or explain why he or she might need that information? Are there typically explanations for why it’s necessary to create a hard copy or send the file to an outside e-mail address? Was the file printed during regular business hours or after hours?
“The crux of this approach is to see specifically how users are interacting with content. That’s what we are talking about with all the three-letter [intelligence] agencies,” Contos says.
It is also a conversation that solution providers should broach with their customers, as a way of marrying security policy with printing and imaging technology to keep sensitive information safe.
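The print-log questions above (what was printed, by whom, and when), as an added Python example that is not from the original post or from ArcSight. The log format, user names, role-to-label mapping and the 8:00-18:00 business hours are assumptions, and the sample log is constructed.

```python
import csv
import io
from datetime import datetime, time

# Constructed sample print log: timestamp, user, role, document, classification label
SAMPLE_LOG = """\
2008-04-28T10:15:00,akim,finance,Q1-financial-report.xls,sensitive
2008-04-28T22:40:00,akim,finance,Q1-financial-report.xls,sensitive
2008-04-28T14:05:00,bross,facilities,Q1-financial-report.xls,sensitive
2008-04-28T23:10:00,bross,facilities,cafeteria-menu.doc,public
2008-04-29T02:30:00,cwu,facilities,Q1-financial-report.xls,sensitive
"""

# Assumption: roles whose job explains printing documents with a given label
AUTHORIZED_ROLES = {"sensitive": {"finance", "executive"}}
BUSINESS_START, BUSINESS_END = time(8, 0), time(18, 0)  # assumed working hours

def review_print_log(text):
    """Return (user, document, reasons) for print jobs that merit a second look."""
    findings = []
    fields = ["ts", "user", "role", "doc", "label"]
    for row in csv.DictReader(io.StringIO(text), fieldnames=fields):
        allowed = AUTHORIZED_ROLES.get(row["label"])
        if allowed is None:
            continue  # documents without a tracked label are not reviewed here
        when = datetime.fromisoformat(row["ts"])
        reasons = []
        if row["role"] not in allowed:
            reasons.append("role not authorized")
        in_hours = BUSINESS_START <= when.time() < BUSINESS_END
        if not in_hours or when.weekday() >= 5:  # weekday 5 and 6 are the weekend
            reasons.append("after hours")
        if reasons:
            findings.append((row["user"], row["doc"], reasons))
    # Each sign is innocuous alone; jobs that combine several go to the top.
    findings.sort(key=lambda f: -len(f[2]))
    return findings

if __name__ == "__main__":
    for user, doc, reasons in review_print_log(SAMPLE_LOG):
        print(f"{user} printed {doc}: {', '.join(reasons)}")
```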
Posted by ajoch at April 29, 2008 03:21 PM






