Recent IT security headlines have focused on network breaches that have led to the capture of millions of pieces of personally identifiable data.
However, insider threats are still a prime source of problems for enterprises.
In this country, one need only think of the theft of military secrets by Royal Canadian Navy Sub-lieutenant Jeffery Delisle, who was sentenced last year to 20 years for selling data to the Russians for almost five years, as a prime example. Another is the loss of data by Elections Ontario staff, apparently an accident but an insider problem nevertheless.
So a piece in Computerworld U.S. reminding enterprises of the need to be vigilant about data leakage from employees is timely.
Insider threat programs are a combination of best practices, software and dedicated staff looking for possible problems and regularly reminding employees of their responsibilities. But as the piece points out, for any strategy to have muscle, the CIO/CSO has to gain support from the top of the organization.
This is particularly important in an era of cloud computing, where business units can bypass the controls that CIOs/CSOs wish to impose on staff.
Another vital piece of a strategy is to form a team from many departments that will understand the needs of staff, partners and others who potentially touch corporate data. IT has to make every effort not to institute policies or procedures that impede productivity and innovation, a vendor quoted in the story rightly says.
A former chief information and security officer at the CIA notes that some solutions are as simple as restricting access to sensitive files to only those who need it. Legacy programs written in early versions of C that require users to be logged into Windows environments with administrative privileges are ripe for fixing. “If they need to run those applications on the internal network, then don’t allow them to connect to the Internet,” Bigman, the former CIA officer, is quoted as saying.
IT can also isolate these vulnerable applications by putting them in a virtual environment with a sandbox, which still provides access to the Internet while protecting them from exploits, the article also notes.