We are used to reading about insider risk and much research points to employees, contractors and other insiders being one of the biggest threats to organisational security we face. We also know that most of this risk may actually be unintentional risky employee behaviour or the result of poor or outdated security training. Of course, we have a hostile element in the area of the ‘insider’ too and sometimes this can come from ex-employees as well as current ones – poor security normally provides them with the means to attack an organisation. When it comes to our organisational security there are a range of things that have to be considered and among them may be employee monitoring. This could be ensuring that employees are using company assets in line with policies; it might be for disciplinary procedures or for other reasons. So, what are the key elements organisations need to consider when they tackle the insider threat?

A look through the recent Insider Threat Report from Vormetric (Harris Poll and Ovum), indicates that 87 percent of responders felt their organisation was somewhat vulnerable to insider attack. Given that we still measure breach detection in months, and one in four UK employees do not know what phishing is, this level of uncertainty isn’t shocking. Attitudes toward privileged users, such as system administrators (sysadmin) seem to be a growing concern. With god-like, unrestricted access to entire networks, sysadmins can control and enter wherever they choose in many organisations and rogue users with this type of access can be a security nightmare. Almost 40 percent of respondents to the Vormetric survey felt that privileged users were not properly vetted prior to their access privileges being installed and this figure was four points up on the previous survey. Around half of the businesses surveyed have deployed restrictions on access for users, meaning they can only interact with relevant parts of the network for their role. But the concern about unrestricted access for privileged users is going to remain on many business radars until they have risk assessed their non-restricted access policies and decided it is within their risk appetite to allow this access to continue. 

Jul-Sep 2015 Issue

Advent IM Ltd