How to prevent insiders destroying your network

BT's chief technology officer offers five tips to guard against the threat of employees sabotaging business networks.

The threat of insider attacks has been highlighted recently with the case of Rajendrasinh Makwana, a software engineer who allegedly planted a "logic bomb" on US financial giant Fannie Mae's computer network after his contract was terminated.

If the malicious code had executed, court documents said it would have resulted in destroying and altering all of the data on all 4,000 Fannie Mae servers. It was likely the attack would have cost millions of pounds in damage.

Microsoft then warned companies to expect an increase in insider attacks by disgruntled, laid-off workers as the recession continued. Microsoft's Doug Leland told the BBC that malicious insider breaches were the greatest security concern.

The problem with malicious insiders is that they have access and an understanding of the system and security. They have access to corporate assets, and are already inside.

So what can businesses do about the problem? Graham Cluley, security expert at Sophos, said that as companies make people redundant, they need to manage their exits very carefully.

"Not only from a HR point of view, but also from an IT point of view because they may have had access to systems, passwords and methods to either get into your company physically or electronically which could cause you problems," he said.

Bruce Schneier, chief technology officer for BT, wrote on his blog about the insider problem. He said it was impossible to build a system without trusting people, but offered five techniques managers could use to prevent insider attacks.

1 - Limit the number of trusted people.

The fewer people that have root access to the computer system, the more secure it is.

2 - Ensure the trusted people are indeed trustworthy.

This might involve background checks, lie detector testing, or personality profiling.

3 - Limit the extend of the trust given to each person.

This would limit the amount of damage a single person can do. This could involve giving keys that only unlocks their office, or passwords that only unlock their account.

4 - Give people "overlapping spheres of trust".

The idea behind this is Defence in depth' a principle similar to giving two separate keys to launch nuclear missiles. It makes it much harder for an employee to defraud the system, because two people are needed to do anything.

5 - Detect breaches of trust and prosecute the guilty.

Trusted people will always be able to play the system which means that businesses need to publicly punish the attacker through the court system to provide a deterrent. Auditing is therefore vital in order to discover any breaches.

Featured Resources

Four cyber security essentials that your board of directors wants to know

The insights to help you deliver what they need

Download now

Data: A resource much too valuable to leave unprotected

Protect your data to protect your company

Download now

Improving cyber security for remote working

13 recommendations for security from any location

Download now

Why CEOS should care about the move to SAP S/4HANA

And how they can accelerate business value

Download now

Recommended

DeviceSHIELD combats rising cyber attacks and online fraud amid COVID-19
Security

DeviceSHIELD combats rising cyber attacks and online fraud amid COVID-19

24 Nov 2020
350,000 Spotify users hacked in credential stuffing attack
Security

350,000 Spotify users hacked in credential stuffing attack

24 Nov 2020
WAPDropper malware hooks you up to premium telecoms services
Security

WAPDropper malware hooks you up to premium telecoms services

24 Nov 2020
VMware sounds alarm over zero-day flaws in multiple products
Security

VMware sounds alarm over zero-day flaws in multiple products

24 Nov 2020

Most Popular

macOS Big Sur is bricking some older MacBooks
operating systems

macOS Big Sur is bricking some older MacBooks

16 Nov 2020
46 million Animal Jam accounts leaked after comms software breach
Security

46 million Animal Jam accounts leaked after comms software breach

13 Nov 2020
How computing has revolutionised Formula 1
Sponsored

How computing has revolutionised Formula 1

11 Nov 2020