What's the Biggest Insider Threat?
Portable devices, leaks from top management, and human error all play a part
October 12, 2007
1:35 PM -- The Symantec Altiris ManageFusion 2007 conference took place in Orlando this week, and I participated on a panel called "Securing IT from Within."
The opening question -- "What do you think is the single biggest internal security threat to business today?" -- really set the stage for the whole event. Andi Mann, a researcher from Enterprise Management Associates, and freelance writer David Strom jumped on the portable device bandwagon with excellent arguments on why they are evil and cause such major security problems for businesses.
They are right. The headlines and statistics aren't lying about how detrimental portable devices -- including laptops, iPods, and smartphones -- can be to a business. Just take a look at the Privacy Rights Clearinghouse "Chronology of Data Breaches" and see how many were caused by portable devices.
Many of the data breaches caused by portable devices could be prevented through the proper use of technologies that are currently available. For example, full disk encryption solutions could protect the contents of the laptops' hard drives when lost or stolen. If you've got data leaking out through USB flash drives and iPods, there are several products that can automatically encrypt files as they are copied -- or simply block all writes or access to removable storage devices.
Consultant James Gaskin and I looked at a different type of insider threat: people. I discussed some of the security issues associated with human beings in general, while James targeted C-level executives. How often have you met a CIO, CEO, or even a VP that didn't like to brag about his company? I used examples of social engineering and malware infections as arguments as to why humans were the most serious threat to IT.
Unfortunately, there aren't any easy solutions to fix all of the problems caused by humans, whether they're IT staff or users. For example, how do you deal with help desk staffers that have admin rights -- and often must ask users for their passwords as part of the troubleshooting process?
First, the help desk staff should never ask users for passwords. This practice helps make users more comfortable with the idea of giving their passwords away. Second, since the help desks techs are usually admins, they can typically just reset users' passwords -- they don't need to ask for them.
Unfortunately, the ultimate outcome of the discussion -- and it's been said many times before -- is that there is no silver bullet for security. But discussions like these help to identify the most critical threats, and perhaps help to kick-start the process of defending against them. Many thanks to the other panelists, and to Altiris for including me.
— John H. Sawyer is a security geek on the IT Security Team at the University of Florida. He enjoys taking long war walks on the beach and riding pwnies. When he's not fighting flaming, malware-infested machines or performing autopsies on blitzed boxes, he can usually be found hanging with his family, bouncing a baby on one knee and balancing a laptop on the other. Special to Dark Reading
Read more about:
2007You May Also Like