
Managing the Costly and Growing Threat from Insiders


Attacks from insiders are estimated to be more costly than attacks from outsiders

By Matthew Gardiner
Sr. Product Marketing Manager, Security Management Business Unit
CA Technologies

"It seems nearly every day in the news we hear about security breaches that compromise proprietary business and personal information. These breaches are not only costly but are generally very damaging to the organization's reputation.

In order to mitigate these risks, while aiding in compliance efforts, organizations must put people, processes, and technology in place to administer all of their users and their access to business applications and data," said Matthew Gardiner, Sr. Product Marketing Manager, Security Management Business Unit at CA. "As we look forward, this task is made even more complex by the continued blurring of who is 'inside' and who is 'outside' the organization, making it even more imperative that organizations holistically address their user and entitlement management."

We hear a lot about external security breaches, but we hear far less about the internal security incidents carried out by "insiders" (former or existing employees, contractors, etc.). Yet these incidents are on the rise and are more costly to companies than outsider threats, since insiders often have access to highly sensitive and confidential information. Consider these statistics:

• Attacks from insiders are estimated to be more costly than attacks from outsiders: one government agency found that attacks from outsiders cost $56,000 to repair compared to an insider attack that costs more than $2 million to fix

• 72% of enterprises cite internal security threats as of greater or equal importance to external threats (The InfoPro's Information Security Study, Feb '06)

• Employees following security policies was rated as the second-highest security challenge organizations will face over the next 12 months (IDC 2005 Security Survey)

DO document security policies and processes and ensure they're enforced through automation. Automation helps ensure security is consistently enforced and helps track how the processes are working so you can refine them later.

DO ensure that "old" accounts are deleted or disabled promptly (coordinate this with your HR team). Former employees or contractors must not be able to access information once they're gone.

DO make sure that users and their access privileges are reviewed quarterly. You can even automatically set them to expire after a certain amount of time. In today's organizations employees and contractors are constantly changing roles, and privileges should be changed accordingly.

DO make sure employees are trained on security policies and that they understand the implications of not adhering to them. Make sure, for example, that they understand why passwords shouldn't be written down or shared.

DO implement the principle of "least privilege", meaning give users access only to what they need to conduct their job functions. Only certain people within the organization need to see, for example, financial information or customer information. And make sure these privileges are reviewed on a regular basis, as privileges usually accumulate over time as roles and functions change.

DO ensure that your organization has a password policy in place so that passwords are strong enough (don't let employees use passwords that can be easily guessed) and are reset on a regular basis (but not too often!), and where applicable implement stronger forms of authentication (such as tokens or smartcards).

DON'T use a shared system administrator password. Assign system administration privileges to an individual person; this makes it much easier to audit actions. Ensure that when that system administrator changes roles or leaves the company, their account is immediately suspended.

DO make sure there is a check and balance in your IT system entitlements by enforcing segregation-of-duties security policies (i.e. the person that approves changes should not be the same person that makes the changes in the system).

DO ensure your systems can be audited, so that if there's a problem you can go back into your logs to determine who may have compromised your systems. Log all administrative changes and maintain all logs in a way that prevents system administrators from modifying them.

DO implement a single and centralized view of the "health" of your security environment. Sometimes, security issues are not apparent without the correlation of events across multiple systems.

DON'T unnecessarily burden your users with security practices (dozens of passwords in order to access systems and the need to constantly change passwords). This only leads to users trying to find ways to circumvent the security practices.
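Several of the checks above (old accounts still enabled after HR shows the person gone, shared administrator logins, overdue quarterly reviews, and the same person approving and making a change) lend themselves to automation. The following Python sketch is an added example, not part of the original article; the record layouts, field names, the 92-day review interval and all sample data are constructed assumptions.

```python
from datetime import date

REVIEW_INTERVAL_DAYS = 92  # "reviewed quarterly": assumed here to mean about 92 days

def audit_accounts(accounts, hr_active, today):
    """Return (account, finding) pairs for enabled accounts that break the rules."""
    findings = []
    for acct in accounts:
        if not acct["enabled"]:
            continue  # already disabled, nothing to clean up
        if acct["owner"] is None:
            # No named individual behind the account, e.g. a shared admin login
            findings.append((acct["user"], "no-individual-owner"))
        elif acct["owner"] not in hr_active:
            # HR no longer lists the owner, but the account still works
            findings.append((acct["user"], "orphaned"))
        if (today - acct["last_review"]).days > REVIEW_INTERVAL_DAYS:
            findings.append((acct["user"], "review-overdue"))
    return findings

def sod_violations(changes):
    """Return IDs of changes approved and implemented by the same person."""
    return [c["id"] for c in changes if c["approved_by"] == c["implemented_by"]]

# Constructed sample data (hypothetical HR roster, directory export and change log)
HR_ACTIVE = {"alice", "bob", "carol"}
ACCOUNTS = [
    {"user": "alice", "owner": "alice", "enabled": True, "last_review": date(2024, 5, 1)},
    {"user": "bob", "owner": "bob", "enabled": True, "last_review": date(2023, 11, 15)},
    {"user": "dave", "owner": "dave", "enabled": True, "last_review": date(2024, 4, 20)},
    {"user": "root-shared", "owner": None, "enabled": True, "last_review": date(2024, 5, 1)},
    {"user": "erin", "owner": "erin", "enabled": False, "last_review": date(2023, 1, 10)},
]
CHANGES = [
    {"id": "CHG-1", "approved_by": "alice", "implemented_by": "bob"},
    {"id": "CHG-2", "approved_by": "alice", "implemented_by": "alice"},
]

if __name__ == "__main__":
    for user, finding in audit_accounts(ACCOUNTS, HR_ACTIVE, date(2024, 6, 1)):
        print(f"{user}: {finding}")
    for change_id in sod_violations(CHANGES):
        print(f"{change_id}: approver also implemented the change")
```

Run on a schedule against real HR and directory exports, the findings list becomes the input to the quarterly access review rather than a manual comparison.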



Matthew Gardiner is the Sr. Product Marketing Manager, Security Management Business Unit at Computer Associates



