ASSIGNMENT
It is recognized that insiders pose security risks due to their legitimate access to facilities and information, knowledge of the organization and the location of valuable assets. Insiders will know how to achieve the greatest impact whilst leaving little evidence. However, organizations may not have employed effective risk management regimes to deal with the speed and scale of change, for example the rise of outsourcing. Outsourcing can lead to the fragmentation of protection barriers and controls and increase the number of people treated as full time employees. Regional and cultural differences will manifest themselves in differing security threat and risk profiles. At the same time, the recession is causing significant individual (and organizational) uncertainty and may prompt an increase in abnormal behavior in long-term employees and managers – those traditionally most trusted – including members of the security community.
TASK:
1. In this environment, how can organizations know who to trust and how to maintain this trust?
2. List all the insider threats and factors that can affect the insider threats. Suggest appropriate solutions to mitigate the insider threats in an organization.
1. Denial of the fact that the insider threat exists is no longer acceptable, but even when the threat is acknowledged, knowing where to take the first bite of the elephant can be difficult. A study by the Ponemon Institute found that 60% of senior information security professionals believe their businesses are unable to effectively assess or quantify insider risks even though they realise the dire risks posed by this inability.
Employee trust and loyalty are oft-quoted Holy Grails. It can be argued that organisations with a large percentage of long-term personnel have seen more buy-in to security, not for security’s sake, per se, but by strengthening reliance on the organisation and the desire to see it survive to protect the employees’ own futures. This situation was supported by clear, long-term career structures and reward schemes. The resultant organisational culture facilitated the development of personal relationships with other members of staff and management and helped enhance levels of underlying personal trust, loyalty and mutual dependency. The situation has changed significantly and it is now more normal for staff to move between organisations and regions on a regular basis to improve their financial position and advance their career. This may result in less affinity, a ‘loosening’ of loyalty and a difficulty in stabilising organisational culture. Note that homeworking tends to reduce contact with other members of the organisation and may inhibit the development of relationships and bonds that usually help to forge loyalty to the team and the organisation. Effort should therefore be made to ensure periodic team interactions and bonding events and face-to-face meetings.
Changes to the nature of employment have affected the control that the organisation has on its infrastructure, culture and the relationships and levels of trust that can be developed with the people that work within its boundaries. Outsourcing strategies may create additional problems: staff may fear that their roles are next in line for offshoring and may feel alienated and disaffected. For the third party employee, loyalty is difficult to achieve in a call-centre with deskilled jobs, short contracts and 40% churn of staff. These people will have lower levels of company and country affinity and loyalty but, as effective insiders, may be given privileged access to information within your organisation. We are now faced with varying perspectives of loyalty, for example, loyalty to customer (who will seem an intangible entity far removed – geographically and culturally – from any considerations of reward), loyalty to organisation (the outsource supplier who actually pays the employee’s wages), loyalty to country or culture, loyalty to profession or straight-forward loyalty to pay cheque.
2. List of the insider threats and factors that can affect the insider threats.
An insider threat is a security risk that originates within the targeted organization. This doesn’t mean that the actor must be a current employee or officer in the organization. They could be a consultant, former employee, business partner, or board member.
There are mainly five types of insider threats to keep in mind:
The Careless Worker: These are employees who engage in inappropriate behavior, much of which can fall into the category of “Shadow IT.” This behavior tends to not be malicious, but can include misappropriating resources, breaking acceptable use policies, using unapproved workarounds, and installing unauthorized applications — all actions which can open up new vulnerabilities in an organization.
The Inside Agent: This is an insider who is approached by external bad actors and used as part of a larger scheme. Bad actors will recruit or bribe susceptible insiders to steal information on their behalf.
The Disgruntled Employee: These are insiders who try to harm their organization by destroying data or disrupting business activity. They often feel that they have been wronged by the organization in some way, and attempt to lash out as an act of revenge.
The Malicious Insider: These actors have access to corporate assets and use existing privileges to access information for their own personal gain. This might involve leaking sensitive information to the press for compensation or selling data on the black market.
The Feckless Third-Party: These are business partners and third-party organizations that compromise security through misuse, negligence, or malicious use of company assets.
Given that all of the above attacks involve people who have gained some level of trust within an organization, it can be difficult to both identify and prevent them from happening. In order to reduce the likelihood of an attack — or mitigate its impact if it does occur — it is important to constantly be on the lookout for potential indicators of malicious activity.
Some suspicious behaviors to watch out for are:
· Attempts to access data or systems that are unrelated to an individual’s typical role and responsibilities.
· Attempts to bypass security.
· Violating corporate policies.
· Displays of disgruntled behavior toward coworkers.
· Data hoarding and copying files from sensitive folders.
In addition to simply being on alert for suspicious behavior, there are some more active countermeasures that can be taken both to reduce risk and to improve response in case of an attack. These include:
· Performing penetration testing and vulnerability scanning to identify gaps in a security strategy, including potential ways that insider threats might be able to maneuver within the business.
· Refining and conducting threat-hunting activities including behavioral intelligence, Dark Web monitoring, and endpoint detection and response (EDR).
· Applying data security measures as well as identity and access management measures to increase confidentiality and protect access to the business environment.
· Implementing security measures for personnel. These can involve security awareness training for all staff, as well as human resource controls such as employee exit processes. This goes hand-in-hand with implementing physical security measures to reduce access to sensitive information.
· Employing endpoint security measures to better deter, monitor, track, collect, and analyze user-related activity.
With all of these countermeasures, it is essential that all efforts be coordinated with strong communication between departments and individuals. This can increase the likelihood of identifying a potential insider threat in its early stages — and will improve security overall, regardless of insider threats.
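Two of the indicators listed above (access unrelated to a person's role, and data hoarding from sensitive folders) can be checked mechanically against file-access logs. The following is an added example, not part of the original answer; the log format, role names, path prefixes and thresholds are all assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed role baseline: path prefixes each role normally works in (hypothetical).
ROLE_PREFIXES = {
    "engineer": ("/src/", "/docs/eng/"),
    "hr": ("/hr/",),
    "finance": ("/finance/",),
}
SENSITIVE_PREFIXES = ("/hr/", "/finance/", "/legal/")  # assumed sensitive folders
COPY_THRESHOLD = 3                    # distinct sensitive files copied...
COPY_WINDOW = timedelta(minutes=10)   # ...within this sliding window

# Constructed sample events: timestamp, user, role, action, path.
SAMPLE_LOG = """\
2024-03-04T09:00:10 alice hr read /hr/reviews/q1.xlsx
2024-03-04T09:02:41 bob engineer read /src/app/main.py
2024-03-04T09:05:02 bob engineer read /finance/payroll/march.csv
2024-03-04T22:14:00 carol finance copy /finance/payroll/jan.csv
2024-03-04T22:15:30 carol finance copy /finance/payroll/feb.csv
2024-03-04T22:16:05 carol finance copy /finance/payroll/march.csv
2024-03-04T22:40:00 dave finance copy /finance/reports/summary.pdf
"""

def parse(log_text):
    """Yield (time, user, role, action, path) tuples from space-separated lines."""
    for line in log_text.splitlines():
        parts = line.split(maxsplit=4)
        if len(parts) != 5:
            continue  # skip malformed lines rather than guess their fields
        ts, user, role, action, path = parts
        yield datetime.fromisoformat(ts), user, role, action, path

def detect(log_text):
    """Return sorted (user, indicator, detail) findings for the two indicators."""
    findings = set()
    copies = defaultdict(list)  # user -> [(time, path)] of recent sensitive copies
    for ts, user, role, action, path in sorted(parse(log_text)):
        # Indicator 1: access outside the role's usual area.
        # An unknown role has no allowed prefixes, so every access is flagged.
        allowed = ROLE_PREFIXES.get(role, ())
        if not path.startswith(allowed):
            findings.add((user, "out_of_role_access", path))
        # Indicator 2: many distinct sensitive files copied in a short window.
        if action == "copy" and path.startswith(SENSITIVE_PREFIXES):
            recent = [(t, p) for t, p in copies[user] if ts - t <= COPY_WINDOW]
            recent.append((ts, path))
            copies[user] = recent
            distinct = {p for _, p in recent}
            if len(distinct) >= COPY_THRESHOLD:
                findings.add((user, "data_hoarding", f"{len(distinct)} files"))
    return sorted(findings)

if __name__ == "__main__":
    for finding in detect(SAMPLE_LOG):
        print(finding)
```

In the sample, carol stays entirely inside her role's folders, so the role baseline alone would miss her; only the copy-rate check surfaces the activity.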