How to prevent insiders destroying your network

BT's chief technology officer offers five tips to guard against the threat of employees sabotaging business networks.

The threat of insider attacks has been highlighted recently with the case of Rajendrasinh Makwana, a software engineer who allegedly planted a "logic bomb" on US financial giant Fannie Mae's computer network after his contract was terminated.

If the malicious code had executed, court documents said it would have resulted in destroying and altering all of the data on all 4,000 Fannie Mae servers. It was likely the attack would have cost millions of pounds in damage.

Microsoft then warned companies to expect an increase in insider attacks by disgruntled, laid-off workers as the recession continued. Microsoft's Doug Leland told the BBC that malicious insider breaches were the greatest security concern.

The problem with malicious insiders is that they have access and an understanding of the system and security. They have access to corporate assets, and are already inside.

So what can businesses do about the problem? Graham Cluley, security expert at Sophos, said that as companies make people redundant, they need to manage their exits very carefully.

"Not only from a HR point of view, but also from an IT point of view because they may have had access to systems, passwords and methods to either get into your company physically or electronically which could cause you problems," he said.

Bruce Schneier, chief technology officer for BT, wrote on his blog about the insider problem. He said it was impossible to build a system without trusting people, but offered five techniques managers could use to prevent insider attacks.

1 - Limit the number of trusted people.

The fewer people that have root access to the computer system, the more secure it is.

2 - Ensure the trusted people are indeed trustworthy.

This might involve background checks, lie detector testing, or personality profiling.

3 - Limit the extend of the trust given to each person.

This would limit the amount of damage a single person can do. This could involve giving keys that only unlocks their office, or passwords that only unlock their account.

4 - Give people "overlapping spheres of trust".

The idea behind this is Defence in depth' a principle similar to giving two separate keys to launch nuclear missiles. It makes it much harder for an employee to defraud the system, because two people are needed to do anything.

5 - Detect breaches of trust and prosecute the guilty.

Trusted people will always be able to play the system which means that businesses need to publicly punish the attacker through the court system to provide a deterrent. Auditing is therefore vital in order to discover any breaches.

Featured Resources

Shining light on new 'cool' cloud technologies and their drawbacks

IONOS Cloud Up! Summit, Cloud Technology Session with Russell Barley

Watch now

Build mobile and web apps faster

Three proven tips to accelerate modern app development

Free download

Reduce the carbon footprint of IT operations up to 88%

A carbon reduction opportunity

Free Download

Comparing serverless and server-based technologies

Determining the total cost of ownership

Free download

Recommended

Sophos Intercept X Advanced review: AI-powered protection
endpoint security

Sophos Intercept X Advanced review: AI-powered protection

30 Nov 2021
Eight steps to fight ransomware
Whitepaper

Eight steps to fight ransomware

28 Sep 2021
The state of ransomware in retail 2021
Whitepaper

The state of ransomware in retail 2021

23 Aug 2021
Sophos XG 230 Rev.2 review: Powerful and flexible
unified threat management (UTM)

Sophos XG 230 Rev.2 review: Powerful and flexible

1 Apr 2021

Most Popular

What should you really be asking about your remote access software?
Sponsored

What should you really be asking about your remote access software?

17 Nov 2021
How to move Microsoft's Windows 11 from a hard drive to an SSD
Microsoft Windows

How to move Microsoft's Windows 11 from a hard drive to an SSD

24 Nov 2021
Sabbath hackers are targeting US schools and hospitals
ransomware

Sabbath hackers are targeting US schools and hospitals

29 Nov 2021