10:22 AM
Mathew J. Schwartz, InformationWeek
10 Best Ways To Stop Insider Attacks

Consider the smartest ways that companies can detect, block, and investigate insiders with malicious motives. The advice comes from CERT and the Secret Service, after a review of hundreds of attacks.

What's the best way to spot and block insider attacks? Start by putting an insider attack prevention program in place.

So said Dawn Cappelli, technical manager at Carnegie Mellon University's CERT Insider Threat Center, speaking last month at the RSA conference in San Francisco. Cappelli is the co-author, with Andrew Moore and Randall Trzeciak, of the just-released The CERT Guide to Insider Threats.

Working with the Secret Service, Cappelli and company have reviewed hundreds of hacking cases to deduce how businesses can better block a greater number of malicious insiders. Here are her top 10 recommendations for spotting and stopping insider attacks before they get out of hand:

1. Protect crown jewels first. To put an effective insider-threat program in place, first ask: What's the single most important piece of information in your company? Think the equivalent of the secret recipe for Coke or Gore-Tex. "We've worked with a number of organizations, and they tell us everything is important," said Cappelli. "So we say, what's the one thing that if someone took it to a competitor, or out of the United States, would be worth millions--or billions--of dollars?" Then secure it, preferably not just with encryption, but also by restricting access, as well as logging and monitoring who touches that data.

2. Learn from past attacks. Don't let insider attacks--successful or otherwise--go to waste. "If you experience an attack, you're not alone, but learn from it," said Cappelli. For example, she cited a case of a financial firm that happened to catch an employee who was trying to steal its secret trading algorithms. Seeing a weak point, the security team put new controls in place to explicitly watch for similar types of attacks. Thanks to the improved security, they later caught another employee who was trying to copy the algorithms to his personal email account and an external hard drive.

3. Mitigate trusted business partner threats. Who has access to your business' sensitive information? Although that list will include employees, other "insiders" will be trusted business partners, who might enjoy equal levels of access with less accountability, and opt to take sensitive information with them when they switch to a new employer. "The good news is, if they take it to a competitor in the U.S., there's a good chance that they may report them to law enforcement and they'll get it back," Cappelli said, since most will want nothing to do with trade secrets. The bad news is that one-third of all intellectual property theft cases result in the information being taken outside of the United States, at which point recovering the data becomes unlikely, if not impossible.
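The monitoring described in items 1 and 2 (log who touches the crown-jewel data, then watch for copies leaving by personal email or external drive) can be sketched as a small correlation rule. This is an added example, not code from the article or from CERT; the event schema, path prefix, user names, mail domains, and 24-hour window are all constructed assumptions.

```python
from datetime import datetime, timedelta

# Assumptions for illustration only: asset prefix, allow-list, webmail domains, window.
CROWN_JEWELS = ("/research/trading-algos/",)
AUTHORIZED = {"quant_lead"}
PERSONAL_MAIL = ("gmail.com", "yahoo.com", "outlook.com")
WINDOW = timedelta(hours=24)

# Constructed sample audit events (hypothetical schema: ts, user, action, target).
EVENTS = [
    {"ts": "2012-03-01T09:00:00", "user": "quant_lead", "action": "read", "target": "/research/trading-algos/alpha.py"},
    {"ts": "2012-03-01T09:05:00", "user": "jdoe", "action": "read", "target": "/research/trading-algos/alpha.py"},
    {"ts": "2012-03-01T17:40:00", "user": "jdoe", "action": "email_attach", "target": "jdoe.home@gmail.com"},
    {"ts": "2012-03-02T08:10:00", "user": "quant_lead", "action": "usb_write", "target": "E:\\alpha.py"},
    {"ts": "2012-03-02T10:00:00", "user": "asmith", "action": "email_attach", "target": "friend@yahoo.com"},
    {"ts": "2012-03-05T11:00:00", "user": "jdoe", "action": "usb_write", "target": "E:\\notes.txt"},
]

def is_egress(ev):
    """True for writes to removable media or attachments sent to personal webmail."""
    if ev["action"] == "usb_write":
        return True
    domain = ev["target"].rsplit("@", 1)[-1].lower()
    return ev["action"] == "email_attach" and domain in PERSONAL_MAIL

def review(events):
    """Return (ts, user, reason) alerts for crown-jewel access and follow-on egress."""
    alerts, last_touch = [], {}
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts, user = datetime.fromisoformat(ev["ts"]), ev["user"]
        if ev["action"] == "read" and ev["target"].startswith(CROWN_JEWELS):
            last_touch[user] = ts  # logged for every user, authorized or not
            if user not in AUTHORIZED:
                alerts.append((ev["ts"], user, "unauthorized_access"))
        elif is_egress(ev) and user in last_touch and ts - last_touch[user] <= WINDOW:
            # Authorized users are flagged too: access rights do not cover exfiltration.
            alerts.append((ev["ts"], user, "egress_after_access"))
    return alerts

if __name__ == "__main__":
    for alert in review(EVENTS):
        print(alert)
```

Egress by a user who never touched the protected path, or egress long after the last access, is deliberately left out so that the alert volume stays tied to the one asset the program is built around.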

To read the entire original article, visit InformationWeek.
