The Insider Threat – Identifying your Insiders. SiliconIndia Security Conference 2010, Bangalore, 2nd Oct. By Thiru A, Principal Consultant, Risk & Compliance, Security Services, MindTree Ltd. Agenda: Insider Threat – Identifying your Insider. The Insider Problem – An Inconvenient Truth
© 2008 MindTree Consulting
© 2008 MindTree Limited. CONFIDENTIAL: For limited circulation only
© 2009 MindTree Limited. CONFIDENTIAL: For limited circulation only
The Insider Threat – Identifying your Insiders
SiliconIndia Security Conference 2010, Bangalore, 2nd Oct
By Thiru A, Principal Consultant, Risk & Compliance, Security Services, MindTree Ltd
© 2010 MindTree Limited. CONFIDENTIAL: For limited circulation only
Agenda: Insider Threat – Identifying your Insider
The Insider Problem – An Inconvenient Truth
Insider Threat Landscape
Insider Impact & Challenges
The Probable Causes
Mitigation Strategies
Potential Insider Threat Situations
An employee caught carrying a USB drive against the policy
A Laptop with all kinds of “extra” software
Corporate mails forwarded to personal email folders, drives, etc
Time spent on Social Media Networking sites
A remote user using a public wireless hot spot
A senior executive without an ID badge
Other White-collar threats
Some Facts & Figures from the Internet
2009 CSI Computer Crime Survey
Insiders responsible for 43% of malicious attacks & 25% of respondents said that over 60% of losses were due to non-malicious actions by insiders
2009 IDC Whitepaper on Insider Risk Management sponsored by RSA
The growing number of incidents in which employees inadvertently violate corporate policy has become the most serious insider threat
The average annual financial loss from insider risk was nearly $800,000 in the IT Outsourcing industry
2010 CyberSecurity Watch Survey by CSO, US Secret Service, CERT & Deloitte
“It is alarming that although most of the top 15 security policies and procedures from the survey are aimed at preventing insider attacks, 51% of respondents who experienced a cyber security event were still victims of an insider attack.
While outsiders (those without authorized access to network systems and data) are the main culprits of cybercrime in general, the most costly or damaging attacks are more often caused by insiders (employees or contractors with authorized access).
Who are Insiders
Any threat/incident where the human is the actor, whether accidental or malicious
Anybody who has / had access physically or logically
Insider Threat:
Employees
Business partners
Outsourcing Partners
Vendors/Utility Personnel
Consultants & Contractors
Employees are the greatest asset
Insider Threat
Natural threats
Man made
Insider threats
External threats
Fraud/Misuse
Physical & Environmental
Information & Systems related
Unauthorized disclosure & Modification, Disruption or damage
An insider threat need not always result in a compromise of information (systems)
Insider Threat Landscape
Insider Threat
Accidental/Non-Malicious
Errors & Omissions, improper configurations, Compromise of systems & information, untrained, awareness & training
Malware, spam, Mobile computing/storage/communication devices, staff turn-over
Intentional/Malicious
Fraud, Espionage, Sabotage, Compromise of systems & information, email forward, collusion, etc.
Theft of Intellectual Properties, confidential & sensitive information, Taking photos and sharing it online
Negligence (often excused as lack of awareness)
Social Engineering
Policy violations, Incidents not reported, Time spent on Social Media & Phone, use of official email ids
Coerced by external malicious forces
The Probable Causes & Challenges
Lack of articulate policies
Policies based on “book”
Lack of periodic user education, communication, awareness, etc
Lack of reviews, audits & monitoring
Security in applications, an afterthought
Poor development practices
OWASP Top 10 hasn’t changed much since 2007
Unauthorized software & hardware
Negligence to policies and consequences
Business/Delivery team ownership
Business bats for freedom, new technologies, etc.
IT/Security seen as adversaries
Business pressures – a perfect vehicle to get around policies
High staff turn-over, low morale, etc
Do you have a count of incidents related to unlocked systems or password sharing incidents?
Insider Threat Impacts
Loss of productivity, hence loss of business/revenue
Misuse of resources – Leads to a slow-down in the availability of resources to others
Loss of sensitive, proprietary data and Intellectual Property
Reputational damage, Media & Public attention, etc
Regulatory & Contractual non-compliance
Financial losses through fraud, litigation, penalties and so on
Sends wrong signals to other staff
Workplace conflicts, leading to indecision, inaction, etc.
Excuses and untreated Incidents can fuel insider threats to continue unabated
Financial Impact
From 2009 IDC Insider Risk Management Framework
The United States views internal fraud for financial gain as having the greatest financial impact
In France, unintentional data loss through employee negligence has the greatest financial impact
In Germany and the United Kingdom, out-of-date and/or excessive privilege and access control rights for users have the greatest financial impact
“We Have Seen the Enemy and He Is Us”
The average annual financial loss from insider risk was nearly $800,000 per organization in the IT Outsourcing industry
Mitigating Insider Threats – Demands a multi-pronged approach
Deterrent procedures
The tone at the top - Visible, Consistent & Continuously demonstrated support
Policies – Terms & Conditions, NDA, Security policies, whistleblower
Value System – Ethical and Cultural (risk & security conscious)
In letter and spirit
Preventive - Access controls, Physical perimeter, Guards, escorting, encryption, secure applications, etc.
Detective - Surveillance, Audit trails, Background screening, time-offs, vulnerability assessments, etc.
Corrective – Awareness, Incident Mgmt, remediation, etc.
Architecture, Network & Applications
Knowledge of the “Big Picture”
Irrespective of roles
Security, as a mandatory ingredient throughout SDLC
RBAC, SoD, Input, output, processing, audit trails, secure storage & transmission, disposal, etc.
During IS acquisition, maintenance & disposal
Testing and VA
Security, as part of enterprise architecture, application and network
Diligence Vs. Ignorance (Negligence)
Probable areas of improvement
Tone at the top, Risk Assessment, Understanding of business
Access rights and authorization
Applications, Segregation of Duties, Review and revocation
Training & awareness on Risk, security & compliance
Security Incident Management & Change management
Nature & type of audits and monitoring against compliance
Escalation & remediation
Metrics - Incidents, Vulnerabilities, Time taken for patching
With best people, processes, controls & technologies we can manage external threats much better. Can we say that with the same level of confidence about internal threats?
Some thoughts to leave you with
We are in an industry that employs highly educated professionals
Working on or developing cutting edge technologies and
In an environment that has an impact globally
Have a huge responsibility to lead from the front in many aspects
Technology is adopted first
Formal risk mitigation & policies come next, if that happens
Implementation of controls occurs over a period of time
Probably without policies and risk assessment
Compliance takes even longer
With freedom, comes responsibility
The more the responsibility, the higher the freedom
Has the potential to bring down security, audit & compliance overhead
Works as a morale booster, Instills confidence in customers