Advising your Clients on the Threat Within

Infinigate’s Chris Payne says resellers must look beyond technology to help them overcome the growing spectre of insider threats.

"With high-profile examples grabbing our attention throughout the last twelve months, 2016 is without a doubt the IT zodiac year of the inside threat actor.

Many of us in the channel are well versed in the art of assisting our clients with preventing external threats. However, those which hide in plain sight are surprisingly more common and often pose far more of a challenge than what lurks in the shadows.
This year already Ernst and Young’s Global Forensic Data Analytics Survey listed the insider threat as the fastest-growing risk to organisations. However, more promising news came from Vormetric’s Insider Threat Report 2015, which stated that 93 per cent of cyber security professionals globally are looking to increase or maintain existing spending on IT security and data protection in the coming year, thus presenting an opportunity to the IT security channel.

The journey to helping your customers develop an insider threat defence plan begins by considering our self-entitled “Three Pillars of Internal IT Security”: people; privilege; and patching.
Firstly, we have to respect that not all problems can be solved by technology.
Who are the people who have access to sensitive areas and assets in your network?
PricewaterhouseCooper’s 2014 US State of Cybercrime survey found that 28 per cent of respondents had discovered a potential instigator of hacking or data theft hidden in their employees or third parties after implementing background checks.
This leads us perfectly onto an area I have witnessed many organisations struggle with: privilege. The evergreen principle of least privilege tells us that restricting access to only that which is necessary reduces the attack surface, and subsequently reduces risk. Edward Snowden has come to personify the greatest inside threat actor of our generation, stealing terabytes of sensitive information from the NSA whilst stationed in Hawaii. He did this by persuading fellow workers, no fewer than 25 times, that he needed their usernames and passwords to do his job as a computer systems administrator.

Finally, patching reminds us that the insider threat is not always a person at whom we can point a finger and label a bad guy. Sometimes malicious code is run by unsuspecting and innocent users. A perfect example of this is the RSA incident in 2011 when the insurance providers famously lost a large quantity of seed files used to generate passcodes in their two-factor tokens. Employees were sent emails with attachments which contained malicious code. Opening them exploited a known and patchable vulnerability in an application which subsequently led to the theft.
Embracing the three pillars is a great step for an organisation to reduce a possible insider-based threat, one which puts your customers in great stead for the future. However, if there is one thing which years of preventative controls have taught us, it’s that nothing is foolproof; solutions only reduce risk. Leaks will and can happen; the world doesn’t stand still and therefore the greatest virtue is a continuous cycle of review, learn and evolve.

Insider threats are undoubtedly a serious and complicated issue. The growing awareness and focus organisations are placing on defending against insider threats means that VARs must invoke powers of value-add to help their customers to look both at and beyond technology-based solutions. Understanding the varying forms of an insider threat, the customer’s working environment, the sensitivity of their data, and the people involved in handling and accessing that data are all pieces of a puzzle which can only be assembled by those looking to deliver a true problem-solving solution. Those VARs who are willing to rise to this challenge will undoubtedly supersede their competition."