Think Information. Think Security.
SEATTLE -- In today's networked world, a disgruntled employee can pose a greater corporate risk than an outside hacker.

That's one big lesson drawn from the indictment of Matthew Keys, 26, of Secaucus, N.J., the Reuters web editor, who has been charged with one count each of transmitting information to damage a protected computer, attempted transmission and conspiracy. He was let go from Sacramento television station KTXL Fox40 in October 2010. A few weeks later, he is alleged to have provided members of the hacker group Anonymous with log-in credentials to a computer server at the station's parent company. The hackers then defaced at least one of the station's news stories posted on a website.

Stricter data loss disclosure regulations are being discussed in the U.S., Europe and Australia. At the same time, more organizations are turning to data storage and computing power supplied by a third party over the Internet cloud. That adds up to a bigger burden of responsibility on network managers to protect company systems and data -- from insiders and outsiders alike.

A survey last year by network security firm AlgoSec found that security managers consider threats from low-level insiders more worrisome than the threat of a sophisticated hack by a well-funded external criminal organization.

Some 29% of the survey takers said they were most concerned about the lack of visibility into applications and networks, while 28% said their top concern was insider threats. Both of those concerns relate to how a disgruntled employee, or an insider aligned with criminals, could disrupt a company's network, or steal valuable intellectual property. By contrast, just 14% said financially-motivated hackers worried them most, while 6% cited political hacktivists.

Poor internal processes, such as failing to revoke a fired employee's network access, or making firewall changes that don't apply system-wide, can translate into opportunities for current or ex-employees with malicious intent.

"Organizations need to have effective policies in place, and the real key is to enforce them," says Erdheim, AlgoSec senior security strategist. "This doesn't completely solve the problem, of course, but it certainly takes away low hanging fruit."

Protecting websites and restricting access to sensitive data have become much trickier in today's increasingly networked and cloud-based business environment, observes Pravin Kothari, CEO of encryption firm CipherCloud.

"With information moving and residing across a combination of on-premise and off-site servers, often in various geographies, access points have multiplied -- leaving more gaps for both insider and external threats," Kothari says.

Advises Kothari: "Use military grade encryption to protect information before it is sent to the cloud. That way, even when they breach the solution, unauthorized viewers see only gibberish and cannot make use of the data. For tighter control, give enterprises the encryption keys for deciphering the information instead of leaving the keys with the cloud provider."

Cross-posted from: USA Today News
7/4/2016 03:05:18 am

Security remains one of the biggest concerns for corporations.

