29 July 2010

Employee Misconduct: Mitigating Insider Risks...

The new Verizon Cyber Report is a valuable read for OPS Risk professionals that focus on data breach and incident response. The full breach report can be found at this link at Verizon Business.

We have to agree with the observations made by Brian Krebs on the following topic in the report:

A key finding in this year’s report is that most companies suffering breaches missed obvious signs of employee misconduct – breaches that were either initiated or aided by employees. Sartin said in almost every case where a breach investigation zeroed in on an employee as the culprit, investigators found ample evidence that the employee had long been flouting the company’s computer security and acceptable use policies that prohibit certain behaviors, such as surfing porn or gambling Web sites on company time and/or on corporate-issued laptops.

The study found a strong correlation between ‘minor’ policy violations and more serious abuse. From the report: “Based on case data, the presence of illegal content, such as pornography, on user systems (or other inappropriate behavior) is a reasonable indicator of a future breach. Actively searching for such violations rather than just handling them as they pop up may prove even more effective.”


The "Insider Threat" continues to be under estimated and all of the monitoring tools will not be able to stop it completely. Ever. So what are some of the solutions to address the issues at hand? Here are a few ideas worth exploring if not for the Fortune 500 Enterprise but the small-to-medium enterprise (SME) who doesn't have the budget or the internal staff to engineer a robust and resilient infrastructure. They have their unique place in a layered approach to cyber defense:

Idea #1: ScanSafe

Cisco recently acquired the pioneering SWG SecaaS company ScanSafe. ScanSafe continues to execute well and has the largest market share in the SecaaS market including several organizations with well more than 100,000 seats. ScanSafe is expected to form the basis of an increasing array of Cisco SecaaS offerings, starting with the addition of e-mail. Cisco's credibility with the network operations team, the progressive development and market growth of the S-Series and the acquisition of the leading SecaaS provider moved Cisco into the Leaders quadrant this year.

Idea #2: IronKey

IronKey was chosen by the Reader Trust Voting Panel, comprised of security and technology experts from large, medium and small enterprises from all major vertical markets, representing the wide distribution of SC Magazine readers. With an unprecedented number of entries submitted the 2010 SC Magazine readers selected IronKey over competing solutions from Check Point, CREDANT, PGP and Symantec.

IronKey brings unprecedented mobile data security to enterprise and government organizations by combining the IronKey multifunction security devices with the ability to remotely manage the devices and strictly enforce security policies from a centralized administrative console. IronKey enables organizations to securely deliver complete desktop environments on ultra-secure, remotely managed devices with integrated two-factor authentication and fraud protection capabilities.


Idea #3: OpenDNS

OpenDNS has solutions that are perfect for organizations of all sizes, from small businesses to Fortune 500 enterprises. With no equipment to install, no upgrades and no maintenance, OpenDNS will reduce your costs, give you more control and make navigating the Internet on your network a safer, more secure experience.

OpenDNS provides comprehensive security for your organization's network through botnet and malware site protection. OpenDNS delivers network security services through the DNS layer, blocking known malicious or infected sites from resolving on your network. Since infected sites are prevented from resolving, malicious content is blocked from reaching your network, and thereby OpenDNS provides the most efficient protection available.

Built-in botnet protection stops trojans, key loggers and other persistent malware and viruses on machines in your network from sending out confidential data and personal information to hackers outside the firewall.


These are just three examples that we have found to be reliable, cost effective and easy for the small-to-medium size company to hedge against some of the infrastructure risks and bad behavior by employees. So what else could the savvy VP of Operational Risk inject into the organization to address some of the other types of "Insider Threat"?

Provided as a resource by the Association of Certified Fraud Examiners (ACFE), EthicsLine serves as an internal control tool through which companies can detect and deter fraud. Powered by Global Compliance, EthicsLine includes hotline, case management and analytics to empower organizations to prevent, detect and investigate instances of organizational fraud and abuse.

EthicsLine provides expertise and experience. As the power behind EthicsLine, Global Compliance introduced the original ethics and compliance hotline and is the largest provider of hotline, case management, and analytic solutions worldwide – supporting over 25 million client employees in almost 200 countries. Global Compliance also provides additional products and services that integrate with EthicsLine and protect an organization from fraud and abuse.


The employee who knows how to circumvent the "Rule Sets" as it pertains to the Acceptable Use Policy for the corporate digital assets may also be the same person who is stealing from the company. Whether they are stealing actual cash from the register, using vendor billing schemes or other occupational fraud tactics they understand how to get around the control objectives. Operational Risk Managers need to look at the employee population as an ecosystem of risk and that a certain percentage of those employees will be trying to surf Internet gambling sites and simultaneously misappropriating assets.

As you spend more time in OPS Risk, the more you understand the intersections with human behavior. The tools will assist you along the way yet it is the day to day interaction with people that will help you predict where and how someone may be increasing the risk to your enterprise.