Insider Threats Giving IT Execs Nightmares

A network engineer at a Kansas City company says he’s just as worried

about threats to his company’s network coming from inside the corporate

walls than he is about any hacker busting through the perimeter.

”Once you’re already inside that firewall, you’re considered trusted,”

says Josh Herr, network engineer at Ladlaw Transit Services, an

outsourcing company that handles bus scheduling and routing services.

”You’ve always got to worry… We’re in the process of putting firewalls

between the front end and the back end of the system to alleviate that

concern. The back-end system will have a completely separate firewall

network. It will keep people internally from getting through.”

According to a new survey, Herr isn’t alone in his concerns.

Sixty-nine percent of 110 senior executives at Fortune 1,000 companies

say they are ‘very concerned’ about insider network attacks or data

theft, according to a study by Caymas Systems, a network security

technology firm based in San Jose, Calif. And 25 percent say they are so

concerned they can’t sleep at night, Sanjay Uppal, a vice president at

Caymas Systems, told eSecurityPlanet.

Only 13 percent says they are not worried at all.

And Uppal says if they’re not, they should be.

”I think they should definitely be worried,” he adds. ”The people who

are not worried just haven’t been hit yet. They have a false sense of

security.”

What’s worrying Herr is the number of outside contractors who are on his

network. ”A lot of [the worry] is about the people who are coming into

our network for short periods of time, such as auditors and

contractors,” says Herr. ”We’re not in charge of those PCs.”

Uppal claims 30 percent of people who come in and work on your average

network every day are temporary workers. And that brings up specific

threat concerns. But he also says that IT and security administrators

should not forget about permanent workers and the havoc they can wreak.

After all, who knows better where critical information is stored or what

the boss’ password might be, than someone who works in the company?

And if a worker is unhappy about not receiving a bonus or feels slighted

for any other reason, she just might be disgruntled enough to want to

cause the company some serious damage.

”As we can see in the media more and more, the concept of a company

really taking care of its people — that bond is less and less secure,”

says Uppal. ”If a company doesn’t take care of its people, then the

workers won’t have that much loyalty either.”

Security from the Inside

Uppal says insider security threats definitely need to be dealt with…

and quickly. But it’s not an easy problem to solve.

”People coming from the outside all come from one place,” he explains.

”People on the inside are coming in from many many places — the

conference room, their desks, at home on their laptops. It’s actually a

problem that’s not all that easy to tackle.”

The first step, according to Uppal, is to reign in the temporary workers

and people who are coming in as guests to the company. ”Someone might

come in for a meeting, find an open jack in a conference room, then plug

in, and they’re off and running,” he says. ”People should install

barriers or hurdles, access controls on the network. The software would

scan the laptop and then realize it’s not an authorized machine. It would

then ask for a user name and password to distinguish that this person

should not be there.”

Uppal also recommends that workers should be limited as to what parts of

the network they can access. Someone working in production shouldn’t be

able to access financials. And someone working in the financial

department, should be able to access personnel records and reviews.

”We hear a lot about viruses or hackers coming in through the

perimeter,” Uppal says. ”We don’t hear what’s going on inside the

network. People don’t want to admit that it’s a problem.”

RELATED NEWS AND ANALYSIS

• Ethics and Artificial Intelligence: Driving Greater Equality

  FEATURE |  By James Maguire,
  December 16, 2020

• AI vs. Machine Learning vs. Deep Learning

  FEATURE |  By Cynthia Harvey,
  December 11, 2020

• Huawei’s AI Update: Things Are Moving Faster Than We Think

  FEATURE |  By Rob Enderle,
  December 04, 2020

• Keeping Machine Learning Algorithms Honest in the ‘Ethics-First’ Era

  ARTIFICIAL INTELLIGENCE |  By Guest Author,
  November 18, 2020

• Key Trends in Chatbots and RPA

  FEATURE |  By Guest Author,
  November 10, 2020

• Top 10 AIOps Companies

  FEATURE |  By Samuel Greengard,
  November 05, 2020

• What is Text Analysis?

  ARTIFICIAL INTELLIGENCE |  By Guest Author,
  November 02, 2020

• How Intel’s Work With Autonomous Cars Could Redefine General Purpose AI

  ARTIFICIAL INTELLIGENCE |  By Rob Enderle,
  October 29, 2020

• Dell Technologies World: Weaving Together Human And Machine Interaction For AI And Robotics

  ARTIFICIAL INTELLIGENCE |  By Rob Enderle,
  October 23, 2020

• The Super Moderator, or How IBM Project Debater Could Save Social Media

  FEATURE |  By Rob Enderle,
  October 16, 2020

• Top 10 Chatbot Platforms

  FEATURE |  By Cynthia Harvey,
  October 07, 2020

• Finding a Career Path in AI

  ARTIFICIAL INTELLIGENCE |  By Guest Author,
  October 05, 2020

• CIOs Discuss the Promise of AI and Data Science

  FEATURE |  By Guest Author,
  September 25, 2020

• Microsoft Is Building An AI Product That Could Predict The Future

  FEATURE |  By Rob Enderle,
  September 25, 2020

• Top 10 Machine Learning Companies 2021

  FEATURE |  By Cynthia Harvey,
  September 22, 2020

• NVIDIA and ARM: Massively Changing The AI Landscape

  ARTIFICIAL INTELLIGENCE |  By Rob Enderle,
  September 18, 2020

• Continuous Intelligence: Expert Discussion [Video and Podcast]

  ARTIFICIAL INTELLIGENCE |  By James Maguire,
  September 14, 2020

• Artificial Intelligence: Governance and Ethics [Video]

  ARTIFICIAL INTELLIGENCE |  By James Maguire,
  September 13, 2020

• IBM Watson At The US Open: Showcasing The Power Of A Mature Enterprise-Class AI

  FEATURE |  By Rob Enderle,
  September 11, 2020

• Artificial Intelligence: Perception vs. Reality

  FEATURE |  By James Maguire,
  September 09, 2020