Is your business at risk from a trusted employee?

All businesses depend on their employees regardless of their size. Trust is foundational in ensuring the business operates as required, customer needs are met, and intellectual property or regulated data is protected. While many companies are focused on protecting the business from external exploitation the thought of exploitation from insiders is many times missed.

Both Twitter and Trend Micro reported in November to have fallen prey to malicious insiders with legitimate access to sensitive company information. In both cases it appears that the companies did not discover the misuses by their own measures but became aware through 3rd party sources, long after the unwanted activity was initiated. Alarmingly, Trend Micro is a cyber security company which goes to show that even the best can get taken advantage of. Insider incidents are not new and are thought to account for one-fifth of all data breaches.

In the  case of Trend Micro the company indicated that 68,000 customer data records were provided to a 3rd party source who used the information in attempt to scam Trend Micro customers. In the Twitter leak, information was being provided to the Saudi government and Royal family pertaining to individuals who were hostile to the current regime. In both cases motivated employees provided the privileged information.

So what impact could a data breach have on your business? According to IBM the cost of a data breach in a small to medium business (SMB) with fewer than 500 employees averages $2.5M or 5% of annual revenue to remediate the issue. Regulated data such as in the case of Healthcare, averages $429/record, so the overall cost could be significantly higher to remediate the issue. Beyond cleanup costs a data breach can be devastating to a company’s reputation and the resultant loss of business can overcome many companies.

There is tremendous focus on the right tool set being the answer in solving complex information security issues. While investments in software, hardware, personnel, and training are all pieces in a complex puzzle, detailed processes and procedures are as critical as all of the other investments and without such, all investments are rendered ineffective. To many technical staffs the tools are exciting, but the process and procedures that insure the tools are generating manageable alerts for support staff may be viewed as ominous and are never fully implemented.

Without a proper implementation, many times events are generated and logged to some database server and alerts to supporting staff are never generated, or there are so many alerts that a support staff becomes overwhelmed and the response is to silence or ignore the alerts. When a third party source such as law enforcement contacts the compromised company and an incident response team is hired to investigate the breach, logs of malicious activity is often found tucked away on some database server that was never configured to alert support staff. Many times the malicious events have been ongoing for months to years.

Ask yourself or your employees:

How does the company monitor security alerts?

Is privileged user access to sensitive data audited on an ongoing basis?

Does the company use an internal audit function that is outside of the information technology group or use 3rd party resources to review security?

Are processes and procedures reviewed on an ongoing basis by an independent audit function?

Are the processes and procedures updated on an ongoing basis as the business and technology changes?

Does the organization perform regular incident response testing for data loss, systems outages, component failures, or other potential business disrupting compromises?

In the case of Twitter and Trend Micro a simple ongoing audit of privileged user access may have identified the malicious activity at its commencement saving time, reducing reputational risk, and significantly improving the company’s security profile.

Network Management Solutions has been helping organization since 1996 to establish sound information technology networks, systems, processes and procedures. Please call us at 908-232-0100 for a confidential consultation on how we can assist your business in managing the security of its information assets in a continuously changing world.

Speak Your Mind