Friday, October 8, 2010

Internal Threats in Data Breaches

This post references the Verizon 2010 Data Breach Investigations Report.

The three origins of data breaches are external, internal and partner agents. The origins are not exclusive, and a data breach can involve attacks from one or multiple agents. This post will focus on the internal threat and include recommendations to help protect against internal attacks. In 2009, the role of insider agents in data breaches doubled compared to 2008 figures. This increase is partly due to an influx of insider cases from the U.S. Secret Service, but it also reflects the constant threat from insiders in the cases analyzed by Verizon.

Internal agents act with different motives and possess varying levels of skill. The similarity that 90% of internal agents share is that they act deliberately. Only 4% of insiders who contribute to a data breach act unintentionally. The remaining 6% are insiders whose inappropriate behavior leads to a breach. The report states that employees who commit data theft have more than likely been cited for network misuse in the past. Should corporations more closely monitor employees that have network misuse infractions? It is a preventative measure that is far less costly than having to mitigate a data breach.

51% of internal data breaches come from regular employees, with personnel that handle cash on a regular basis noted as the main culprits. Finance and accounting staff account for 12% of internal breaches, as they have access to corporate accounts and financial data. Systems and network administrators also accounted for 12% of breaches. Executives accounted for 7%, helpdesk staff 4%, software developers 3%, auditors 1% and unknown 9%. Access to confidential data, especially where there is no business need for it, can lead to data breaches. Unnecessarily high user IT privileges contribute to many of the breaches and should be more closely monitored.

Below are some tips, inferred from the report, that will help secure internal networks.

  1. Use network surveillance software with packet reconstruction and forensic analysis capabilities, so that in case of a breach the user can be identified quickly and the evidence meets prosecution requirements.
  2. Develop a corporate-wide "Breach Plan" covering personnel, time frames and budget considerations.
  3. Distribute an internet usage policy with clearly defined rules for all possible infractions.
  4. Review user IT privileges quarterly to remove unnecessary access, which is both an exposure and a possible motivator for data theft.
  5. Monitor all top-level users with access to valuable corporate information.
  6. Monitor all employees with a given level of network misuse infractions.
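
Tips 4 and 6 can be combined into one review routine: compare each account's entitlements against a least-privilege baseline for its role, and push accounts with prior misuse citations to the front of the queue. The script below is an added illustration, not from the report; the role baselines, account records and citation counts are constructed sample data.

```python
"""Quarterly privilege review (illustrative, constructed data).

Flags entitlements an account holds beyond its role baseline and ranks
the review queue so that accounts with prior network-misuse citations
are examined first, as the report's findings suggest.
"""
from dataclasses import dataclass

# Hypothetical least-privilege baselines: what each role actually needs.
ROLE_BASELINE = {
    "cashier": {"pos_terminal"},
    "finance": {"erp_ledger", "bank_portal"},
    "sysadmin": {"domain_admin", "backup_console"},
    "helpdesk": {"password_reset"},
}

@dataclass
class Account:
    user: str
    role: str
    entitlements: set
    misuse_citations: int = 0  # prior acceptable-use infractions on record

def excess_privileges(acct):
    """Entitlements the account holds that its role baseline does not include."""
    return acct.entitlements - ROLE_BASELINE.get(acct.role, set())

def review_queue(accounts):
    """Accounts needing review, ranked by misuse history, then by size of excess."""
    flagged = [(a, excess_privileges(a)) for a in accounts]
    flagged = [(a, x) for a, x in flagged if x or a.misuse_citations]
    flagged.sort(key=lambda ax: (-ax[0].misuse_citations, -len(ax[1]), ax[0].user))
    return [(a.user, sorted(x), a.misuse_citations) for a, x in flagged]

# Constructed sample inventory, not real accounts.
SAMPLE = [
    Account("alice", "cashier", {"pos_terminal"}),
    Account("bob", "cashier", {"pos_terminal", "erp_ledger"}, misuse_citations=2),
    Account("carol", "finance", {"erp_ledger", "bank_portal", "domain_admin"}),
    Account("dave", "sysadmin", {"domain_admin", "backup_console"}, misuse_citations=1),
    Account("erin", "helpdesk", {"password_reset"}),
]

if __name__ == "__main__":
    for user, extra, cites in review_queue(SAMPLE):
        print(f"{user:6} excess={extra} prior_citations={cites}")
```

Accounts that sit exactly on their baseline with no citations (alice, erin) never reach the reviewer, which keeps the quarterly review focused on the cases the report singles out.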
