IT is at the forefront of protecting company data and is on guard against threats from the outside and in. On the insider front, most concerns surround regular employees – even C-level folks can come under scrutiny. One group that is largely ignored however, is IT itself. After all, IT pros can be as good or bad as every other employee can.
The Verizon Data Breach Investigations Report has evidence to prove that IT pros too can be a threat to your organization. According to Verizon, 12% of insider breaches are from IT – half of them coming from admins, the other half from developers.
The easiest route for techies to do a bit of damage is to use the high-level access rights they already have. This privilege abuse is the number one route to trouble. Many are the times, in fact, that this abuse involves spying on co-workers – even top execs. Some is pure curiosity, but it can also lead to blackmail and according to the Verizon report privilege abuse accounts for 88% of insider breaches.
This is just one piece of the overall insider threat puzzle. “The corporate LAN was the vector in 71% of these incidents, and 28% took advantage of physical access within the corporate facility. This means the majority of employees perpetrated their acts while in the office right under the noses of coworkers, rather than hopping through proxies from the relative safety of their house,” the Verizon report stated.
1. Treat IT as you treat other employees
The biggest mistake made by many business owners or IT managers is trusting IT staffers more than the rest of the workforce. IT pros are just people, with the same faults and foibles. Offering all IT staffers broad high-level privileges is a recipe for disaster. Make sure your IT staff only has the access needed to do their job. Many shops have security tools to monitor traffic and individual behavior. If so, make sure IT is included as well. For instance, some monitoring and endpoint security tools can see and block when confidential data is leaving the network. Make sure these tools embrace all your employees, even managers who are now representing 13% of data breaches.
2. Scrutinize employees
Having IT subject to the same security controls is a good place to start but keep in mind IT has more knowledge and privileges and can cause far more damage. You might need to take a closer look when you hire, and keep your eyes open once they are on board. Noted IT thinker and columnist Roger A. Grimes tackled these topics in an InfoWorld column. One Grimes’ hire claimed he had no criminal record. Doing a background check however, Grimes discovered he did — after the guy was already on the job.
“The one employee I kept on after they committed this transgression ended up stealing thousands of dollars in computer equipment from the company. I found out when he asked me to drop by his house to help diagnose possible malware on his home computer. When I entered his abode, I saw that he had a multi-thousand-dollar computer rack, computers, and networking equipment identical to what we had at work. When he realized I recognized the equipment, his expression was clear. It had been a mistake to invite me to his house, at least without first hiding the stolen equipment,” Grimes said.
The answer? Always do a background check, and don’t cut job candidates any slack when they are found to have lied. Another bit of Grimes’ advice is to watch for employees who know things they probably shouldn’t because that would indicate they are looking in places they shouldn’t.
3. Know your network and where the data is
One thing that makes IT insiders so dangerous is knowledge of the network. If you are a manager, you need an even deeper knowledge, knowledge of where the truly confidential and critical data is, and who can get to what.
“The first step in protecting your data is in knowing where it is, and who has access to it. From this, build controls to protect it and detect misuse. It won’t prevent determined insiders (because they have access to it already), but there are many other benefits that warrant doing it,” Verizon said.
Verizon has several other tips to stop insider incursions, including:
“Review user accounts”
Your organization has to adopt a review process for those accounts whose owners have either been released or have given notice. It is important to do this with users who have access to sensitive data. Make sure accounts are disabled on the last working day of the employee (or even before if the situation is justified).
“Watch for data exfiltration”
That is, watch out for those endpoints and for large files making their way out of your mail server. Some organizations facilitate data leakage because they do not put up preventative checks and controls.
“Publish audit results”
This might seem extreme but awareness can go a long way. Publishing anonymous results of your access audits to your employees will show them consequences exist, sensitive data is monitored and policies are enforced.