Risks from those with legitimate access inside the corporate firewall have come under major scrutiny in the past few years, and the danger isn't simply in the minds of paranoid security officers: Business partners are more than twice as likely as employees to be the source of a security breach.
But being aware of a risk and taking steps to address it are two separate issues. According to a newly published report from Dark Reading, "Inside Out: Protecting Your Partnerships -- And Your Data," training users is the most important way to protect the corporate network, and assessing the severity of the threat and developing a strategy for partner security are the first steps toward safely doing business with outside parties. The report also takes a close look at network access control (NAC) and encryption as tactical tools in the fight to maintain data integrity.
Verizon Business, which in its 2008 Data Breach Investigations Report said business partners caused twice as many security breaches as internal employees, also found that the gap between employee and partner risk varied by industry: in food service, partners accounted for as many as 70 percent of breaches; in the technology sector, only 18 percent. In no industry, though, did partner risk sink to a level at which it could safely be ignored.
Assessing your risk entails understanding the mechanisms by which threats reach the organization's data. A study commissioned by Symantec shows that executable files shared between users are the most common means of attack, followed by email attachments, files moved through the Common Internet File System (CIFS), and files shared across peer-to-peer networks. Each of these has its own characteristics and its own set of ports and behaviors that must be guarded against, but they share one function: they give an attacker easy access to a computer or user that is trusted because it sits inside the firewall.
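The channels listed above can be watched for the same thing: executable content arriving where a data file is expected. The following is an added example, not code from the article or from the Symantec study, of detection logic run over a handful of constructed file-transfer records. It classifies each transfer by port into the channels the article names (CIFS, email, peer-to-peer), identifies executables by their magic bytes rather than by file extension (so a PE file renamed to `.pdf` is still caught), and marks transfers originating in assumed partner address ranges. The record format, the partner ranges, and the port-to-channel mapping are assumptions for the example; note that peer-to-peer traffic is not reliably identified by port alone, which the code handles with a protocol hint.

```python
"""Flag executable file transfers over the channels the article names.

Added example with constructed input; not part of the original article.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional

# Constructed sample records (not real traffic). Fields:
# src_ip dst_ip dst_port protocol filename first_bytes_hex
SAMPLE_RECORDS = """\
10.20.5.17 10.0.1.40 445 smb Q3_report.xlsx d0cf11e0
192.168.77.9 10.0.1.40 445 smb invoice.pdf 4d5a9000
10.20.5.17 10.0.2.15 25 smtp statement.pdf.exe 4d5a9000
172.16.9.3 10.0.3.8 6881 bittorrent tool.bin 7f454c46
10.20.5.17 10.0.2.15 25 smtp notes.txt 48656c6c
"""

# Assumed address ranges reached by business partners (hypothetical).
PARTNER_NETS = [ip_network("192.168.77.0/24"), ip_network("172.16.9.0/24")]

# Port-to-channel mapping for the vectors the article lists. Peer-to-peer
# clients hop ports, so 6881 is only a hint; see classify() for the fallback.
CHANNEL_BY_PORT = {
    445: "cifs", 139: "cifs",
    25: "email", 587: "email", 143: "email", 993: "email",
    6881: "p2p",
}

# Magic bytes that identify executable content regardless of file name.
EXEC_MAGIC = {"4d5a": "PE", "7f454c46": "ELF"}
EXEC_EXTENSIONS = {"exe", "dll", "scr", "com", "bat", "ps1", "msi"}


@dataclass
class Finding:
    src: str
    channel: str
    filename: str
    reasons: List[str]


def executable_type(first_bytes_hex: str) -> Optional[str]:
    """Return 'PE' or 'ELF' if the leading bytes match a known executable header."""
    h = first_bytes_hex.lower()
    for magic, kind in EXEC_MAGIC.items():
        if h.startswith(magic):
            return kind
    return None


def parse_record(line: str) -> dict:
    src, dst, port, proto, filename, first_bytes = line.split()
    return {"src": src, "dst": dst, "port": int(port), "proto": proto,
            "filename": filename, "first_bytes": first_bytes}


def classify(rec: dict) -> Optional[Finding]:
    """Produce a Finding for executable transfers; None for ordinary data files."""
    channel = CHANNEL_BY_PORT.get(rec["port"], "other")
    if channel == "other" and rec["proto"] == "bittorrent":
        channel = "p2p"  # protocol hint covers P2P traffic on non-default ports

    kind = executable_type(rec["first_bytes"])
    name = rec["filename"]
    ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""

    reasons = []
    if kind:
        reasons.append(f"{kind} executable content")
        if ext not in EXEC_EXTENSIONS:
            # Content says executable, name says otherwise: classic disguise.
            reasons.append(f"executable disguised as .{ext}")
    elif ext in EXEC_EXTENSIONS:
        reasons.append(f"executable extension .{ext}")

    if not reasons:
        return None  # data file; not interesting for this check

    if any(ip_address(rec["src"]) in net for net in PARTNER_NETS):
        reasons.append("source in partner network")
    return Finding(rec["src"], channel, name, reasons)


def scan(records_text: str) -> List[Finding]:
    """Run classify() over newline-separated records, keeping only findings."""
    findings = []
    for line in records_text.strip().splitlines():
        finding = classify(parse_record(line))
        if finding:
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_RECORDS):
        print(f"{f.src:14} {f.channel:5} {f.filename:18} {'; '.join(f.reasons)}")
```

On the constructed input, the spreadsheet and the text file pass, while the renamed PE over CIFS, the double-extension attachment over SMTP, and the ELF binary over BitTorrent are each flagged, the two from partner ranges with that fact attached so an analyst can prioritise them.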
User education is, by far, the most important factor in protecting a corporate network against intrusion. Teaching employees the limits of allowable behavior, the warning signs of threatening email and file transfers, and the reasons for maintaining constant vigilance will do more than any single piece of technology to guard data against theft and exploitation.
Augmenting that training with key technologies can significantly raise the comfort level of managers tasked with maintaining the security of sensitive corporate data. NAC ensures that every computer attaching to the network is current on software updates and has the required applications and policies in place before it is admitted. Full-disk encryption severely limits the usability of any data that does make its way into unauthorized hands, with the caveat that it protects data at rest on a lost or stolen machine; it does nothing to stop an authenticated user, or malware running as that user, from copying files off a running system.
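To make the NAC admission decision concrete, here is an added example, not code from the article or from any NAC product, of the posture check a NAC policy engine performs when a device connects. It evaluates a device's self-reported posture (patch age, antivirus state, disk encryption, host firewall) against a policy and returns one of three outcomes: full access, a restricted partner VLAN for unmanaged devices that pass the checks, or quarantine. The `Posture` fields, the thresholds in `POLICY`, and the outcome names are assumptions for the example; a real deployment would also verify the report with an agent or attestation rather than trusting the device's word.

```python
"""NAC-style posture evaluation for connecting devices.

Added example with constructed input; not part of the original article.
"""
from dataclasses import dataclass
from typing import List, Tuple

# Assumed policy thresholds (hypothetical values, not from the article).
POLICY = {
    "max_patch_age_days": 30,   # OS security updates must be at most this old
    "max_av_sig_age_days": 7,   # antivirus signatures must be at most this old
    "require_disk_encryption": True,
    "require_host_firewall": True,
}

FULL_ACCESS = "full-access"
PARTNER_VLAN = "partner-vlan"   # restricted segment for unmanaged but healthy devices
QUARANTINE = "quarantine"       # remediation-only segment


@dataclass
class Posture:
    host: str
    managed: bool          # joined to our directory and running our agent
    patch_age_days: int    # days since last OS security update
    av_running: bool
    av_sig_age_days: int
    disk_encrypted: bool
    firewall_on: bool


def posture_failures(p: Posture) -> List[str]:
    """List every policy requirement the device does not meet."""
    failures = []
    if p.patch_age_days > POLICY["max_patch_age_days"]:
        failures.append(f"OS patches {p.patch_age_days} days old")
    if not p.av_running:
        failures.append("antivirus not running")
    elif p.av_sig_age_days > POLICY["max_av_sig_age_days"]:
        failures.append(f"AV signatures {p.av_sig_age_days} days old")
    if POLICY["require_disk_encryption"] and not p.disk_encrypted:
        failures.append("disk not encrypted")
    if POLICY["require_host_firewall"] and not p.firewall_on:
        failures.append("host firewall off")
    return failures


def evaluate(p: Posture) -> Tuple[str, List[str]]:
    """Decide where to place the device: (outcome, list of failed checks).

    Unmanaged (partner or guest) devices never receive full access even when
    healthy: the best they get is the restricted partner VLAN. Any failed
    check sends the device, managed or not, to quarantine for remediation.
    """
    failures = posture_failures(p)
    if failures:
        return QUARANTINE, failures
    return (FULL_ACCESS if p.managed else PARTNER_VLAN), []


# Constructed sample devices (not real hosts).
SAMPLE_DEVICES = [
    Posture("emp-laptop-01", managed=True, patch_age_days=5, av_running=True,
            av_sig_age_days=1, disk_encrypted=True, firewall_on=True),
    Posture("emp-laptop-02", managed=True, patch_age_days=62, av_running=True,
            av_sig_age_days=2, disk_encrypted=False, firewall_on=True),
    Posture("partner-pc-07", managed=False, patch_age_days=10, av_running=True,
            av_sig_age_days=3, disk_encrypted=True, firewall_on=True),
    Posture("partner-pc-09", managed=False, patch_age_days=10, av_running=False,
            av_sig_age_days=0, disk_encrypted=True, firewall_on=False),
]


def evaluate_all(devices: List[Posture]) -> dict:
    """Map host name to its admission outcome for a batch of devices."""
    return {d.host: evaluate(d)[0] for d in devices}


if __name__ == "__main__":
    for d in SAMPLE_DEVICES:
        outcome, failures = evaluate(d)
        print(f"{d.host:14} -> {outcome:13} {'; '.join(failures)}")
```

Separating `posture_failures` from `evaluate` keeps the policy checks testable on their own and lets the admission decision stay a few lines: the decision logic is where most NAC misconfigurations live, so it should be small enough to read at a glance.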
As the nature of network threats has changed from technological thrill seekers trying to hang another trophy on their walls to organized criminal rings seeking to steal and use credit card numbers and personal information, straightforward security tools and techniques have become more important, not less. And as technical controls improve, criminals are more likely to turn to the remaining weak point, gaps in user training and discipline, to gain access to data living inside corporate firewalls.
So continued training and education coupled with steps to enlist the assistance of employees as active participants in the company security structure will be key in keeping criminals out of sensitive data -- and corporate security executives out of the news.