Attacks/Breaches
12/11/2008
12:42 PM
Dark Reading
Dark Reading
Products and Releases
Connect Directly
RSS
E-Mail
50%
50%
Repost This

How Companies Can Use IT Security To Protect Against Insider Attacks

Tough economic times present increased motivation for cybercrime. Experts from Gotham Digital Science share tactics that companies can use to protect against security attacks executed by disgruntled or former employees

New York, NY, December 11, 2008 - Companies are vulnerable to IT attacks from criminals and competitors during the best economic climate and face increased risk when times are hard. According to Gotham Digital Science, an information security consulting firm that works with clients to identify, prevent, and manage security risks, the current downturn puts organizations at increased risk for attacks not only from anonymous criminals but from disgruntled or former employees.

"Desperate times sometimes call for desperate measures. In an economic downturn, IT workers can be tempted to utilize their knowledge of an employer," said Matt Bartoldus, Director with Gotham Digital Science in London. "A disgruntled or laid off employee can be motivated by revenge or financial necessity to steal and/or sell data or cause work disruptions, and has familiarity that can be devastating to an organization."

Gotham Digital Science, which helps clients assess risk in order to protect against and prevent cyber attacks that can lead to loss of money, intellectual property, customer information, and reputation, recommends a number of actions a company can take to thwart attacks.

Manage Access: A disgruntled employee with knowledge of sensitive information can wreck havoc in minutes. Manage all the users on your network from a single source such as Windows Active Directory. This will enable you to both disable access to confidential information if an employee leaves or is laid off as well as to easily perform a routine audit to ensure that only authorized users are accessing the network.

Protect your Data: Sensitive business information is often accessible to a wide range of employees, all of whom have the potential to copy and steal valuable information such as customer data, intellectual property, and financial information. Databases and shared network files (spreadsheets, word documents, reports containing charts and tables) often contain confidential information. Distribute sensitive data on a need to know basis and review network file storage to ensure access is limited to those who need it. Systems should be regularly reviewed and any unnecessary or outdated files should be removed. For highly confidential information, limit document printing and the use of cell phones with cameras.

Restrict Data Transmission: In addition to limiting access to information, manage the methods through which data can leave the premises. Limit internet services to necessary sites, restrict use of unauthorized websites to prevent access to personal sites, and disable removable media to prevent sensitive date from being copied onto USB thumb drives or mobile phones. The same policy should be applied to CD/DVD writers to pre-empt the chance of sensitive information walking out the door.

Think like an IT security specialist: IT staff, developers and system administrators have knowledge of and access to the systems that run your company. Make sure to change passwords and remove access whenever one of these employees leaves, and run a scan to check for "backdoors" that allow undetected remote network access and other malicious programs that can cause damage.

Keep Track of Information: Should a security breach occur, identifying the source will help understand the scope of the problem and solve it more quickly. Archiving emails and phone records, saving deleted emails, and recording and logging phone calls will enable you to trace the origin.

"In reality, these are things that companies should be doing regardless of the economic climate," said Brian Holyfield, a Director with Gotham Digital Science in New York. "But they become even more critical during a downturn. With these small steps, companies can protect themselves against a wide range of possible threats."

Notes to Editors

* Earlier this month IBM's ISS X-Force research team identified a 30% increase in network and web-based security events over the last 120 days, with the total number rising from 1.8 billion to more than 2.5 billion worldwide per day, according to data pulled from its managed security services client base of approximately 3700 clients worldwide.

* According to another December study, "The Global Recession and its Effect on Work Ethics", by IT security data experts Cyber-Ark Software, more than half of 600 surveyed office workers from New York's Wall Street, London's Docklands and Amsterdam, Holland, have already downloaded competitive corporate data and plan to use the information as a negotiating tool to secure their next post.

* According to the Ponemon Institute's "2007 Annual Study, The Cost of a Data Breach," the average total cost per data breach is more than $6.3 million to a US company.

* According to new research from IT services company Vistorm, UK companies claim to understand the security challenges their businesses face and the consequences of non-compliance, yet only 48% do anything about it. Of 100 UK businesses surveyed, 79% of companies knew which of their assets were business-critical and 91% understood the consequences of non-compliance. It also found that 43% of companies have inadequate security controls in place for protecting mobile data.

About Gotham Digital Science

Gotham Digital Science (GDS) is an information security consulting firm that works with clients to identify, prevent, and manage security risks. GDS specializes in security testing, software security, and risk management and compliance. GDS develops tools that solve specific security issues and offers a number of security training programs for IT professionals. With offices in New York and London, Gotham Digital Science can seamlessly assist clients on both sides of the Atlantic. For more information, visit our website at www.gdssecurity.com.

Contact Information

Brian Holyfield, Director, Gotham Digital Science, New York, +1 917 375 5891, brian@gdssecurity.com

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-1421
Published: 2014-04-22
Cross-site scripting (XSS) vulnerability in Craig Knudsen WebCalendar before 1.2.5, 1.2.6, and other versions before 1.2.7 allows remote attackers to inject arbitrary web script or HTML via the Category Name field to category.php.

CVE-2013-2105
Published: 2014-04-22
The Show In Browser (show_in_browser) gem 0.0.3 for Ruby allows local users to inject arbitrary web script or HTML via a symlink attack on /tmp/browser.html.

CVE-2013-2187
Published: 2014-04-22
Cross-site scripting (XSS) vulnerability in Apache Archiva 1.2 through 1.2.2 and 1.3 before 1.3.8 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, related to the home page.

CVE-2013-4116
Published: 2014-04-22
lib/npm.js in Node Packaged Modules (npm) before 1.3.3 allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names that are created when unpacking archives.

CVE-2013-4472
Published: 2014-04-22
The openTempFile function in goo/gfile.cc in Xpdf and Poppler 0.24.3 and earlier, when running on a system other than Unix, allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names.

Best of the Web