Language: EN | FR | 中文版

The Insider Threat Security Manifesto Beating the threat from within

Executive Summary

Ask any IT professional to name the security threats to their organisation and they will probably reel off a list of external sources; hackers, viruses, denial of service attacks and phishing.

But are these dangers from outside of a business really the greatest security threat?

More often than not the greatest risk to any organisation comes from within. That unhappy employee, or rogue insider who will go to any length to gain access to the organisation’s crown jewels, share the sensitive data they get their hands on and even put it to some other unscrupulous use such as insider trading.

As the Edward Snowden scandal highlighted, if a disgruntled worker is determined to unearth critical information, it is not that hard to do so. Snowden was an IT contractor, but he gained access to files he should not have by simply asking his colleagues to share their passwords. Once he had the log on details, off he went in search of highly confidential and sensitive data.

Of course, malicious employees are the exception rather than the rule. But they are not the only insider threat. Ignorant users are also perilous, and Forrester research has shown that the greatest volume of security breaches (36%) come from employees inadvertently misusing data. They unwittingly share sensitive data or information that could fall into the wrong hands almost daily. And of course, many employees casually share passwords. Giving their ID to who ever asks for it as an apparent necessity or just to make their lives easier, without any idea of why it might cause a security breach.

To find out how organisations are attacking insider threats we conducted a study of 500 IT decision makers in organisations ranging from 50 – 10,000 people in the UK and US (250 in each respective country) to understand what their attitudes are to the threat from within and how they are approaching it.

Drawing on the results of the research, this security manifesto will empower IT professionals to take proactive measures to help them beat the threat from within. While no system is ever going to 100% stop the problem, with the appropriate steps the risk can be significantly diminished.

“The day-to-day internal security threat faced by most organisations is not due to malicious behaviour; the ‘insider threat’ is most likely to be down to the misuse and poor use of IT. This in turn is often caused by inadequate policies and practices in the first place. A good example is the sharing of usernames and passwords, which exacerbates the problem because issues arising cannot be associated with individual users. Many aspects of the insider threat can be mitigated with investment in tools that monitor and, to a certain extent, control users, for their own benefit and for that of the organisation they work for.
Bob Tarzey Bob Tarzey Analyst and Director, Quocirca