How to protect against insider attacks

Firewalls are very good at protecting organizations against attacks from the outside. But if the attacker is already inside the firewall, the firewall does not help. Insider attacks have become a big problem for many companies. Here are some ideas on how you can protect yourself against insider attacks.

Obviously, in order to carry out their daily duties, some people need permission to perform activities that could harm the organization. It is also easier for staff to acquire information about sensitive systems than it is for outsiders. Since insiders generally know much more about the organization's computer systems, inside attacks often cause much more damage than attacks by outsiders.

Protecting against internal attacks is often a tedious task. It requires that you list which systems and data need to be protected. Then you have to build a list of the people who need access to these systems in order to carry out their daily jobs. Now you are ready to start planning how to protect the organization’s sensitive resources. This includes assigning a person who is responsible for each asset that needs to be protected. This person decides who should have what kind of access to the asset.

It is relatively easy to audit access. This should be done, and the audit logs need to be saved on a secured server. Otherwise, the insider may erase the audit log after the attack has been carried out. But audit logs only make it possible for you to work out who did what; they don’t prevent people from damaging the system or stealing data.

The principles that should be used are known as the “Principle of Least Privilege” and “Segregation of Duties.” The first principle means that no one should get privileges greater than those needed to carry out his or her tasks. The second principle means that no single individual should be able to process a transaction from initiation to completion.
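The two principles above can be checked mechanically during an access review. The following is an added example, not part of the original article; the role names, permission names, policy tables and users are all constructed for illustration.

```python
# Added example: access review for least privilege and segregation of duties.
# All roles, permissions and users below are constructed sample data.

# Permissions each role needs to do its job (hypothetical policy).
ROLE_NEEDS = {
    "ap_clerk":   {"invoice.create", "invoice.view"},
    "ap_manager": {"invoice.view", "payment.approve"},
    "dba":        {"db.backup", "db.restore"},
}

# Pairs of permissions that no single person may hold together,
# because together they complete a transaction end to end.
SOD_CONFLICTS = [
    ("invoice.create", "payment.approve"),
    ("db.restore", "auditlog.delete"),
]

# Current grants as exported from an access-control system (constructed).
USERS = {
    "alice": {"role": "ap_clerk", "granted": {"invoice.create", "invoice.view"}},
    # bob moved from clerk to manager but kept his old permission
    "bob": {"role": "ap_manager",
            "granted": {"invoice.create", "invoice.view", "payment.approve"}},
    "carol": {"role": "dba",
              "granted": {"db.backup", "db.restore", "auditlog.delete"}},
}

def excess_privileges(users, role_needs):
    """Least privilege: permissions granted beyond what the role needs.
    A role missing from the policy needs nothing, so every grant is excess."""
    findings = {}
    for name, u in users.items():
        extra = u["granted"] - role_needs.get(u["role"], set())
        if extra:
            findings[name] = sorted(extra)
    return findings

def sod_violations(users, conflicts):
    """Segregation of duties: users holding both halves of a conflicting pair."""
    findings = {}
    for name, u in users.items():
        hits = [pair for pair in conflicts if set(pair) <= u["granted"]]
        if hits:
            findings[name] = hits
    return findings

if __name__ == "__main__":
    print("Excess privileges:", excess_privileges(USERS, ROLE_NEEDS))
    print("SoD violations:", sod_violations(USERS, SOD_CONFLICTS))
```

Running the same check on a schedule and diffing the findings against the previous run shows which grants have drifted since the last review.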

There are a number of reasons why it is difficult to protect against internal attacks. Below are some of the main reasons.

In many organizations, people move frequently to new positions with new responsibilities. But that can also mean that they should no longer have permission to do tasks or to access information that belonged to their old position. This means permissions have to be updated and audited regularly.

Restricting staff’s access makes it harder for them to do their work. It can often be convenient to relax the restrictions, but this also decreases security.

Often an inside attacker can take advantage of the fact that he or she is on friendly terms with people who possess vital information. Sometimes this makes it possible to acquire key knowledge or information that the attacker was not supposed to get, simply because a colleague wanted to be helpful and supplied the information.

Note that insiders can also create security issues by mistake. It is easy to bring in new programs on USB sticks and similar devices. Far from everyone selects strong passwords for their accounts. Educating the users is the best way of preventing such security problems. Clever social engineering is another way insiders can be fooled; here you can learn more about social engineering.
