
How to recognise the cyber insider threat

Hamish Barwick | Aug. 5, 2014
If people start accessing systems or the data in them more often, you may have a problem.


Losing business to a competitor because one of your trusted employees has walked out the door with sensitive information doesn't need to happen if you look for the signs and put controls in place, according to a panel of cyber security experts.

Cisco Australia hosted a discussion on cyber security in Sydney this week.

According to Computer Emergency Response Team (CERT) Australia's technical director, Doctor Jason Smith, many organisations CERT Australia works with fall victim to an insider because their network is misconfigured or not monitored.

"The ability for poorly trained or tired [IT] people to make mistakes can also have an impact," he said.

"Once an adversary has code execution on your computer, they are essentially an insider. The controls you need to build need to take into account what an insider could do to your network."

He added that the insider threat needs to be communicated to the company's board so that they can have input into decisions that are made to deal with the problem, in conjunction with the IT department.

"Cyber security is a team sport and that team can consist of people in your organisation and service providers," said Smith.

According to Cisco's information security global vice president, Steve Martino, companies need to put in place controls that can capture data and look for patterns or behaviours that are out of the norm.

For example, if a trusted staff member starts accessing systems more often, looking at data in the system or working very long hours, this can be captured via logs and the security card reader the employee uses to swipe in and out of the building.
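One way to look for the "accessing systems more often" pattern in access logs, as an added example that is not from the article or from Cisco: each user's daily access count per system is compared with that same user's own recent baseline. The log layout, user and system names, window length and thresholds are all assumptions, and the sample data is constructed.

```python
from collections import Counter, defaultdict
from statistics import median

def daily_counts(events):
    """(day, user, system) records -> {(user, system): Counter({day: accesses})}."""
    counts = defaultdict(Counter)
    for day, user, system in events:
        counts[(user, system)][day] += 1
    return counts

def flag_unusual_days(events, days, baseline=10, threshold=3.5, min_excess=5):
    """Flag days where a user's access count on a system is far above that
    user's own median for the preceding `baseline` days (median/MAD score)."""
    alerts = []
    for (user, system), per_day in daily_counts(events).items():
        series = [per_day.get(d, 0) for d in days]  # no access that day = 0
        for i in range(baseline, len(series)):
            window = series[i - baseline:i]
            med = median(window)
            mad = median(abs(x - med) for x in window)
            scale = 1.4826 * mad or 1.0  # flat baseline: avoid dividing by zero
            score = (series[i] - med) / scale
            if score >= threshold and series[i] - med >= min_excess:
                alerts.append((days[i], user, system, series[i], med))
    return alerts

def sample_events():
    """Constructed data: 14 days, two hypothetical users, one spike."""
    days = [f"D{n:02d}" for n in range(1, 15)]
    events = []
    for i, day in enumerate(days):
        events += [(day, "alice", "crm")] * (3 + i % 2)     # light, steady use
        events += [(day, "bob", "billing")] * (20 + i % 3)  # heavy but normal for bob
    events += [(days[12], "alice", "crm")] * 36             # alice's D13 spike
    return days, events

if __name__ == "__main__":
    days, events = sample_events()
    for alert in flag_unusual_days(events, days):
        print(alert)
```

Because the baseline is per user and per system, bob's consistently heavy use of the billing system is not flagged, while alice's jump from three or four accesses a day to 39 is.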

"I can look at how often a person accesses a system or data in that system. That's not violating privacy because accessing that system is part of their job," he said.

"If we see a pattern, we will sit down with the [Cisco] employee and discuss what is happening and how to deal with it."

However, Martino warned employers that opening up a secure email account and looking inside it could be deemed a violation of privacy.

His advice when creating an insider threat plan was to start with 'who, what, why and how'. For example, who would want the data, why would they want it, what would they do with it and how would they get to the data?

Edith Cowan University's security research institute adjunct professor, Gary Blair, who previously worked as a CISO at Westpac, said that Australian banks mainly look at external threats such as organised crime, nation states and terrorist groups.

"I sense that within Australia, we trust people in the work environment. That's good because it leads to harmonious working relations," he said.

