Handling the Threat of Internal Breaches

Every time you listen to the news, read a newspaper, or scan online news, you learn of another security breach that involves consumers’ personal information. Consumers assume that breaches occur by direct attack from external entities or by clever individuals who break into networks from outside the company or via the Internet. That scenario is often true, but not always. To the surprise of many, a significant number of breaches originate from inside a company’s walls. However, only a small percentage of those internally originating breaches are intentional and malicious, though they are no less harmful.

In the “old” days of computers equipped with floppy disk drives, corporate IT departments “outlawed” the use of external disks in company-owned systems. Unfortunately, this rule didn’t stop their use, nor did it stop the rampant spread of viruses throughout an organization. One such internal incident involved the proliferation of a virus to an entire group of remote users by corporate deployment personnel at WorldCom. The so-called “Config Room” personnel imaged and deployed hundreds of new desktop computers with the then notorious NYB virus, which took months and hundreds of hours to clean up.

Although floppy disk drives have disappeared from the computer landscape, USB thumb drives, CDs, and DVDs are ubiquitous. Banned in many companies, USB thumb drives are easy to conceal, very inexpensive, and easily moved between computers, making it a simple task to deploy malware to multiple systems before a network administrator can identify and stop further contamination.

Carter Schoenberg, Technical Director of Cyber Security Services for Calibre, stated in a 2014 interview that more than 60 percent of all security events originate from inside the corporate network. But of those 60-plus percent, 80 percent are unintentional. Overall, this translates to just over ten percent of the threats that companies deal with being malicious insiders, which corresponds to what other researchers such as Verizon have found: 10.6 percent.

In Verizon’s 2015 Data Breach Investigations Report, malicious insider breaches are fourth in line behind POS intrusions, Crimeware, and Cyber-espionage.

But unintentional breaches are still breaches, regardless of how they happen. Because of the nature and the number of insider threats, network administrators must take extra precautions to check outgoing traffic just as diligently as they check incoming traffic. And network security personnel need to set up active monitoring and alerting (notification) so that intruders and data leaks are under constant surveillance.

As Shaun Murphy, security expert and CEO and founder of Private Giant, stated, “Most corporate security breaches occur on Sundays at 3 a.m. and on Christmas Day. Those are the peak times because they (the hackers) know that no one is watching the network.”
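The egress monitoring called for above, combined with the off-hours timing in the quote, can be turned into a simple alerting rule. The following is an added example, not code from the article: it parses constructed outbound-transfer log lines (the format, the 100 MiB threshold, and the 07:00-18:59 business-hours window are all assumptions) and flags transfers that are unusually large or that happen at night, on weekends, or on Christmas Day.

```python
from datetime import datetime

# Constructed sample egress log (not from the article): timestamp, user, destination, bytes sent.
SAMPLE_LOG = """\
2015-12-20 03:05:12 user=jdoe dst=203.0.113.10 bytes_out=524288000
2015-12-21 10:15:00 user=asmith dst=198.51.100.5 bytes_out=10240
2015-12-25 02:40:31 user=bjones dst=203.0.113.22 bytes_out=734003200
2015-12-22 14:02:05 user=asmith dst=198.51.100.5 bytes_out=1572864000
"""

BUSINESS_HOURS = range(7, 19)              # assumed: 07:00-18:59 local time
LARGE_TRANSFER_BYTES = 100 * 1024 * 1024   # assumed: 100 MiB per single transfer
HOLIDAYS = {(12, 25)}                      # (month, day); Christmas Day, per the quote

def parse_line(line):
    """Split 'YYYY-MM-DD HH:MM:SS key=value ...' into a record dict."""
    ts_str, rest = line[:19], line[20:]
    fields = dict(kv.split("=", 1) for kv in rest.split())
    return {"ts": datetime.strptime(ts_str, "%Y-%m-%d %H:%M:%S"),
            "user": fields["user"], "dst": fields["dst"],
            "bytes_out": int(fields["bytes_out"])}

def is_off_hours(ts):
    """True on weekends, holidays, or outside the business-hours window."""
    return (ts.weekday() >= 5 or ts.hour not in BUSINESS_HOURS
            or (ts.month, ts.day) in HOLIDAYS)

def egress_alerts(log_text):
    """Return (user, timestamp, bytes_out, reasons) for each suspicious transfer."""
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        reasons = []
        if is_off_hours(rec["ts"]):
            reasons.append("off_hours")
        if rec["bytes_out"] >= LARGE_TRANSFER_BYTES:
            reasons.append("large_transfer")
        if reasons:
            alerts.append((rec["user"], rec["ts"].isoformat(sep=" "),
                           rec["bytes_out"], reasons))
    return alerts

if __name__ == "__main__":
    for user, when, size, why in egress_alerts(SAMPLE_LOG):
        print(f"ALERT {when} {user} sent {size} bytes: {', '.join(why)}")
```

In practice the thresholds would be tuned per user or department from a baseline of normal traffic, and the alerts would feed a ticketing or SIEM system rather than stdout.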

Honeypots and intrusion detection devices are good to have, but they do nothing to stop insider threats to network security. Network administrators must also convince corporate management of the magnitude of insider threats and set up education for staff to help prevent unintentional leaks, malware proliferation, and social engineering attempts. Active monitoring, vigilance, and education are the steps that minimize the risk of insider threats. Hackers realize the potential of attacking from within the corporate walls, and it’s time that network security professionals and management staff agree to react accordingly.

Ken is a technology author, blogger, columnist, podcaster, videographer, and practicing technologist who writes on a variety of topics that include open source software, Linux, Windows, Mac, UNIX, databases, virtualization, security, and consumerization. Ken is Security+ and Cybersecurity First Responder certified. Ken's current passion is making movies, mostly in the Film Noir genre.