
Perimeter

Commentary by Eric Cole, 9/20/2010 04:02 PM

Missing The Insider Threat

"I trust everyone. It is the devil inside that I do not trust" is a great line from the movie "The Italian Job." Every single person has the potential to do harm if the right circumstances occur. Yes, this includes employees.

Why is it that once a total stranger is hired at your company, you now completely trust that person? Just because he or she is now called an employee does not mean that person has loyalty to your organization and would do nothing to hurt the company.

Many organizations don't perform any background checks or reference checks, and as long as the hiring manager likes them, they will hire them. Many people might not be who you think they are; not properly validating them can be an expensive, if not a fatal, mistake.

Because most organizations hire complete strangers and then give them access to sensitive data, all organizations must worry about the insider threat. Too much paranoia can cripple an organization, but the right amount can protect it. Just ask yourself a couple of simple questions:

  • If someone were fired from a previous company for stealing or unethical activity, would you know?

  • If someone were currently stealing from or performing stealthy activity against your organization today, how would you know?

When an organization posts a job opening, it can take weeks until the first interview occurs. All a competitor has to do is prep someone to ace the interview and then they are in. The fact that it can be this easy to get on the inside is a pretty scary thought.

Once that competitor insider is hired by the company, the competitor organization has the potential to steal sensitive organizational data. Think about it: This is the same process that foreign governments use to plant a spy in a U.S. agency. Foreign governments know that a key criterion for that person is passing the polygraph, so they will put that person through intensive training so that he or she can do so with no problem.

This points out organizations' key disadvantage. The attacker knows what process you are going to follow to hire someone, and all they have to do is prep someone so they ace that part of the process. Because these attacks are being perpetrated by trusted insiders, you need to understand the damage they can cause, how to build proper measures to prevent the attack, how to minimize the damage, and, at a minimum, how to detect the attacks in a timely manner.

Many of the measures companies deploy today are ineffective against the insider. When companies talk about security and securing their enterprise, they are concerned with the external attack, forgetting about the damage that an insider can cause.

Since everyone uses different terminology, it is important to define what we mean by "insider threat." The easiest way to get a base definition is to break the two words apart. According to www.dictionary.com, insider is defined as "one who has special knowledge or access to confidential information" and threat is defined as "an expression of an intention to inflict pain, injury, evil, or punishment; an indication of impending danger or harm; or one that is regarded as a possible danger." Putting this together, an insider threat is anyone who has special access or knowledge with the intent to cause harm or danger.

Though no one wants to admit it, it is worth looking around your organization to see whether there are any insiders who are causing harm to the success of your organization.

Dr. Eric Cole, Ph.D., is a security expert with more than 15 years of hands-on experience. Cole has experience in information technology with a focus on perimeter defense, secure network design, vulnerability discovery, penetration testing, and intrusion detection systems. He is the author of several books, including Hackers Beware, Hiding in Plain Sight, Network Security Bible, and Insider Threat. He is the inventor of more than 20 patents, and is a researcher, writer, and speaker. Cole is a member of the Commission on Cyber Security for the 44th President and several executive advisory boards, and is CTO of the Americas for McAfee. Cole is involved with the SANS Technology Institute (STI) and SANS working with students, teaching, and maintaining and developing courseware. He is a SANS fellow, instructor, and course author. Dr. Cole has 20 years of hands-on experience in information technology with a focus on building out dynamic defense solutions that protect organizations from advanced threats. He has a Master's degree in computer science from NYIT and a Doctorate from Pace University, with a ...
