
How to prevent insiders destroying your network

BT's chief technology officer offers five tips to guard against the threat of employees sabotaging business networks.

The threat of insider attacks has been highlighted recently with the case of Rajendrasinh Makwana, a software engineer who allegedly planted a "logic bomb" on US financial giant Fannie Mae's computer network after his contract was terminated.

If the malicious code had executed, court documents said it would have resulted in destroying and altering all of the data on all 4,000 Fannie Mae servers. It was likely the attack would have cost millions of pounds in damage.

Microsoft then warned companies to expect an increase in insider attacks by disgruntled, laid-off workers as the recession continued. Microsoft's Doug Leland told the BBC that malicious insider breaches were the greatest security concern.

The problem with malicious insiders is that they have access to, and an understanding of, the system and its security. They have access to corporate assets, and are already inside.

So what can businesses do about the problem? Graham Cluley, security expert at Sophos, said that as companies make people redundant, they need to manage their exits very carefully.

"Not only from a HR point of view, but also from an IT point of view because they may have had access to systems, passwords and methods to either get into your company physically or electronically which could cause you problems," he said.

Bruce Schneier, chief technology officer for BT, wrote on his blog about the insider problem. He said it was impossible to build a system without trusting people, but offered five techniques managers could use to prevent insider attacks.

1 - Limit the number of trusted people.

The fewer people that have root access to the computer system, the more secure it is.

2 - Ensure the trusted people are indeed trustworthy.

This might involve background checks, lie detector testing, or personality profiling.

3 - Limit the extent of the trust given to each person.

This would limit the amount of damage a single person can do. This could involve giving keys that only unlock their office, or passwords that only unlock their account.

4 - Give people "overlapping spheres of trust".

The idea behind this is 'defence in depth', a principle similar to giving two separate keys to launch nuclear missiles. It makes it much harder for an employee to defraud the system, because two people are needed to do anything.

5 - Detect breaches of trust and prosecute the guilty.

Trusted people will always be able to play the system, which means that businesses need to publicly punish the attacker through the court system to provide a deterrent. Auditing is therefore vital in order to discover any breaches.
