Welcome to week 2 of National Insider Threat Awareness Month! One of the things that keeps enterprise security professionals up at night is the prospect of the insider threat. With outside threats, security can enable well-defined and established protections, such as firewalls. An attacker actually has to break into the computing environment to be able to do harm.
Insider threats are under no such restriction. In many cases, they already have a legitimate account on the network. The biggest concern of insider attacks is exfiltration – removing IP or other valuable information – but it’s by no means the only concern.
Sabotage is another possibility. One or more employees could bear a grudge against the company, and attempt to steal, delete, or otherwise sabotage data or applications in an attempt to “get even.”
Perhaps the biggest problem is that insider threats can come from anywhere. It can be a staff employee, a contractor, an IT worker, an authorized visitor, or even an officer of the company.
The Enemy Within
Many organizations fail to consider the threat posed by insiders with ulterior motives, and don’t adequately plan for such insider attacks. The result can be theft of intellectual property, damage to the computing environment, threats of ransom, or other debilitating results.
Insiders typically have free reign of the network, even though they may not have privileges to certain applications or information. Exfiltrating data, or causing damage to files, is not nearly as difficult as breaking in in the first place.
In some cases, insiders already have access to the data they want to exfiltrate. In others, getting to such data may invo ..
Support the originator by clicking the read the rest link below.
