2011 SC Magazine Insider Threat Keynote
Transcript of 2011 SC Magazine Insider Threat Keynote
Managing Data Against Insider Threats
Dr. John D. Johnson, CISSP
Insider Threat
§ The insider is anyone who has been authorized to access internal systems. They originate on internal systems or are permitted special access across the perimeter (i.e. remote access)
§ The insider threat is not new; however, technology can allow greater access, at a distance, to sensitive data, with potentially less effort and less accountability
§ The threat exists for insiders to exploit their authorized access, attack or misuse information systems
Defining The Problem
§ Intentional: Economic or Malicious motivations
§ Hacking and Malware
§ Security Avoidance: Rules not aligned with business objectives
§ Mistakes: Insiders try to follow rules
§ Ignorance: Insiders don’t know rules
Economic Factors
§ Economic factors may motivate individuals to do things they otherwise wouldn’t do
§ The economy is just one example of external factors that may drive up incidents
§ The economy may reduce security budgets, which may lead to weakened security controls and measures
§ Companies that empower their employees and keep them informed may have fewer data breaches
Global, Legal & Cultural Factors
§ Many gaps in security practices are exposed when a company expands into new markets/countries
§ Data must be managed according to laws in the country in which it resides
§ Not all cultures have the same standards when dealing with intellectual property
§ The reality of how data is treated in different countries and by different cultures may necessitate new controls and measures
Data Breaches
§ According to the Verizon 2009 Data Breach Investigations Report, 285 million records were compromised in 2008.
§ All industries suffer from data breaches, although threat vectors may vary significantly
§ The growth of financial services companies, and advances in technology put larger sets of personal data at risk
§ Historical data shows external hacking, malware or theft (i.e. data tape or laptop) accounts for approximately 80% of data breaches, while the insider threat remains around 20%
§ In 2008, nearly all records were compromised from online sources
§ Approximately 30% of data breaches implicated business partners
Source: Verizon 2009 Data Breach Investigations Report, http://www.verizonbusiness.com/resources/security/reports/2009_databreach_rp.pdf
Protecting The Data
§ Proactive vs. Reactive Responses
§ Learn from Past Incidents
§ Encryption
§ Access Controls & Monitoring
§ Segmentation
§ Education
Process Improvements
§ People
  § Pay attention to employee morale, work closely with HR
  § Provide security awareness & education that is targeted and measured
§ Processes
  § Implement processes for managing employee privileges as their role changes
  § Review rights quarterly or annually
  § Keep concise security policies updated and published for easy access
Technology
§ You can’t eliminate all risk, so you need to identify tools that will best address the insider threat based on past incidents at your company
§ Risk management helps identify where security dollars are best spent
§ Protecting data at rest and in motion is important, and this works best if you can identify the data you want to protect up front
§ Most tools exist to keep honest people honest
Survey of Tools
§ Data Loss Prevention
§ Identity Management
§ Centralized Security Logging/Reporting
§ Security Event Management
§ Web Authentication
§ Intrusion Detection/Prevention Systems
§ Network Access Controls
§ Encryption
The Security Budget
§ As the economy and other factors drive up the threat, the security budget needs to be maintained
§ Security dollars should be spent where they can have the greatest impact
§ Significant results can be had by starting with simple, low cost solutions that target “low-hanging fruit”
§ Remember the principle of security in-depth
Measuring Success
§ Develop consistent and meaningful metrics for measuring the efficacy of your security controls
§ Develop executive dashboards and favor tools that provide real-time access to data and reporting
§ Review security processes periodically to ensure they are achieving stated goals, as legal, cultural and corporate requirements may change
Conclusion
§ While the insider threat has always existed, technology magnifies the problem
§ It is too late to react when a data breach makes your company front page news; be proactive
§ Detecting insider attacks requires layered solutions that leverage people, processes and tools
§ Don’t undervalue the impact of user education
§ The most expensive solution is not always the best solution!