by Colin Konschak
I promised you a second part to the last blog about the role of your employees in breaching your internal systems. The last blog was about the benefits of employees in protecting your system, but this one is about the ability of your employees to attack your system.
In fact, says cybersecurity expert John Gomez, CEO and founder of the cybersecurity firm Sensato, insider threats are growing in frequency, often continue for months or even years before you discover them, and are extremely hard to defend against because your employee is supposed to be there. He told the story of a nurse printing out lists of auto accident victims brought into the emergency department (where she did not work) and selling them to lawyers.
Spotting potential employees-as-hackers requires an understanding of motivation and watching closely for behavioral indicators.
- Motivation. Motivation to breach your system includes ego, the desire for approval (they want to get caught so you will be impressed they were able to do this), problems at work (they were fired or reprimanded), and stress (they need time off from work and can’t get it so they break the system and, thus, can’t work).
- Behavioral indicators. These are subtle actions such as an ongoing interest in areas outside their current assignment; accessing the network at unusual times; anger if you block sites or highlight the fact that all online activity is tracked; a sudden interest in the consequences of being caught; and/or a sudden change in behavior, for example, a loner who suddenly becomes a social butterfly (there is safety in numbers).
Combating the threat requires organizational changes:
- Partner with human resources to develop an incident response plan.
- Classify the information employees have access to on three levels: important, very important, and “we’re screwed if they breach this.”
- Limit administrator access to only those who need it. For instance, even your CEO doesn’t need to be classified as an administrator.
- Reset access controls after employees leave.
- Develop a strong bring-your-own-device policy – or don’t allow employees to bring their own devices to work or access your system from their own phones, tablets, and computers.
How safe is your company from employee breaches?