Network World

Insider Threat

Search Insider Threat

Our bi-weekly look at the threats you face from inside your firewall. Have a question for our experts? Write us.

A Tale of Two Insiders: 11/19/09; In 1992, a British bank sent an employee to Singapore to launch and manage its trading operations. The employee engaged in speculative derivatives trading which counted on the Japanese market remaining stable. Unfortunately for him, the Kobe earthquake in 1995 sent the Nikkei into a state of volatility. His risky trades led to $1 billion in losses for the bank.
Their phone, your headache: 10/16/09; Employees want IT to link their personal smartphones to email and other corporate resources, but how do you secure devices that house a mix of peronsal and corporate information? And what happens when those employees quit?
Effectively Enforcing Password Policies and Audits: 10/02/09; Traditionally security professionals have spent most of their time trying to prevent malicious attacks from outside the company. But what happens when the threat comes from trusted insiders with access to passwords?
A reasonable approach to oversight: 09/18/09; When it comes to security, how do you balance between being "big brother" and being a responsible enforcer of corporate policy?
How to address the two types of insider threats: 09/03/09; “I read about fraud all the time – hackers, online gangs, angry employees, etc.. It seems like it’s on the rise. Why is this so hard to detect and how can we prevent fraud in our organization?”
Tokenization vs. end-to-end encryption: 08/14/09; Over the last few months, the PCI Knowledge Base has been doing research on the impact of PCI compliance on fraud and fraud management for the Merchant Risk Council. One of the things we've learned is that, in general, the PCI-mandated controls are most effective at reducing internal fraud due to insider threat.
How to maintain security without increasing the operational load on IT staff: 07/06/09; A number of factors are increasing the challenges of keeping networks secure. One source is additional users of varying types -- including some with multiple roles -- coming onto the network. IT staff finds it must support remote workers, guests, contractors, partners, suppliers -- sometimes even competitors -- on the LAN and yet still protect sensitive corporate assets.
Safeguarding your mobile Workforce: 06/19/09; As workers are required to go mobile in order to stay productive, the corporate network has had to go virtual - piggybacking on the infrastructure of the threat-ridden public Internet.
Is PCI compliance a ticket to the boardroom?: 06/05/09; Here are some PCI-related issues that should be of interest to senior management, and they may require you to make a trip to the boardroom.
Managing integration and access privileges for ad hoc groups: 05/11/09; In today's economy, companies are changing fast. If my company makes an acquisition, can I easily create a group of users to manage that integration, give them specific access privileges, and then dissolve that group when the transition has been complete?
Identifying the source of corporate threats: 04/28/09; The Verizon Business RISK team recently released its "2009 Data Breach Investigations Report" which gives a fresh look into the question of whether insiders or outsiders are the larger threat group. The report concludes that 74% of breaches result from external sources and "the predominance of total records lost was attributed to outsiders."
Can the status quo threaten your LAN?: 04/13/09; In times of economic crisis people tend to seek the safety and security of the status quo. "Doing what you've always done, and what everyone else is doing, is the most prudent course," goes the thinking.
The effects of corporate social media on overall network security: 03/12/09; In today's increasingly communicative world, businesses face a dilemma. They have to find ways to be more engaging and communicate more directly to their customers and the public, while retaining close control of sensitive information.
Controlling unauthorized application usage without increasing costs: 03/02/09; "Our IT department has identified a potential issue with shared account usage in our applications. Can we control unauthorized usage or will we need to replace the apps? We want to avoid that cost if at all possible."
A down economy increases threat of data walking out the door: 02/11/09; Moving into 2009, the number of layoffs and unemployed has multiplied as a result of the falling economy. Corporate data is at risk now more than ever and companies need to be sure they have reliable protection in place.
How to tell which employees are more of a security risk: 01/12/09; Recently I have read quite a bit about "insider threats" and the potential for losing customer data. But not everyone is bad, so how can I tell if I need to pay attention to certain employees?
Is there a hidden cost to data protection?: 12/01/08; Companies today realize the threats and consequences of data loss and by now most have some sort of data protection in place. But, many companies that were rushed into data protection by the fear of losing precious data may have been too quick to throw together a patchwork quilt of security software, which is now proving costly.
Hard times mean more problems with insider security issues: 11/03/08; Does my company need to be more proactive about insiders during hard times?
Can we really stop malicious insiders?: 09/29/08; In terms of malicious insiders committing fraud, can anything "really" be done?
A layered approach to data leak prevention: 09/08/08; My company is increasingly deploying SSL applications and that traffic already represents 40 percent of my network capacity. With this encrypted traffic on the rise, how can I build an effective protection against the loss of sensitive data?
Keeping smartphones from becoming a security threat: 08/25/08; My company is considering purchasing new smartphones for all employees and I am concerned about the implications of what this means for tracking our sensitive data. What are the special challenges of protecting data in an increasingly mobile workforce, and how can I meet my data protection goals?
Does compliance equal security?: 08/11/08; With government increasingly telling businesses how they need to comply with regulations, I wonder if this means that my data is more secure. At the end of the day, does compliance equal security?
Protecting patient records: 07/28/08; I'm in healthcare and am concerned about the breaches of healthcare information that seem to have been in the news all year long. Any suggestions on how I can make sure my organization doesn't end up in the headlines for leaking patient info?
Identity monitoring and core security: 07/14/08; How does identity monitoring fit into an overall core security program. Is it necessary?
Preventing data breaches not a technology issue: 06/23/08; When security people see headlines about data losses at TJ Maxx, ChoicePoint, DuPont, and the Department of Veterans Affairs, they quickly assume that preventing such loss is a technology problem. It clearly is not. It is an information problem.