Network World

Insider Threat

Search Insider Threat

Our bi-weekly look at the threats you face from inside your firewall. Have a question for our experts? Write us.

How to maintain security without increasing the operational load on IT staff: 07/06/09; A number of factors are increasing the challenges of keeping networks secure. One source is additional users of varying types -- including some with multiple roles -- coming onto the network. IT staff finds it must support remote workers, guests, contractors, partners, suppliers -- sometimes even competitors -- on the LAN and yet still protect sensitive corporate assets.
Safeguarding your mobile Workforce: 06/19/09; As workers are required to go mobile in order to stay productive, the corporate network has had to go virtual - piggybacking on the infrastructure of the threat-ridden public Internet.
Is PCI compliance a ticket to the boardroom?: 06/05/09; Here are some PCI-related issues that should be of interest to senior management, and they may require you to make a trip to the boardroom.
Managing integration and access privileges for ad hoc groups: 05/11/09; In today's economy, companies are changing fast. If my company makes an acquisition, can I easily create a group of users to manage that integration, give them specific access privileges, and then dissolve that group when the transition has been complete?
Identifying the source of corporate threats: 04/28/09; The Verizon Business RISK team recently released its "2009 Data Breach Investigations Report" which gives a fresh look into the question of whether insiders or outsiders are the larger threat group. The report concludes that 74% of breaches result from external sources and "the predominance of total records lost was attributed to outsiders."
Can the status quo threaten your LAN?: 04/13/09; In times of economic crisis people tend to seek the safety and security of the status quo. "Doing what you've always done, and what everyone else is doing, is the most prudent course," goes the thinking.
The effects of corporate social media on overall network security: 03/12/09; In today's increasingly communicative world, businesses face a dilemma. They have to find ways to be more engaging and communicate more directly to their customers and the public, while retaining close control of sensitive information.
Controlling unauthorized application usage without increasing costs: 03/02/09; "Our IT department has identified a potential issue with shared account usage in our applications. Can we control unauthorized usage or will we need to replace the apps? We want to avoid that cost if at all possible."
A down economy increases threat of data walking out the door: 02/11/09; Moving into 2009, the number of layoffs and unemployed has multiplied as a result of the falling economy. Corporate data is at risk now more than ever and companies need to be sure they have reliable protection in place.
How to tell which employees are more of a security risk: 01/12/09; Recently I have read quite a bit about "insider threats" and the potential for losing customer data. But not everyone is bad, so how can I tell if I need to pay attention to certain employees?
Is there a hidden cost to data protection?: 12/01/08; Companies today realize the threats and consequences of data loss and by now most have some sort of data protection in place. But, many companies that were rushed into data protection by the fear of losing precious data may have been too quick to throw together a patchwork quilt of security software, which is now proving costly.
Hard times mean more problems with insider security issues: 11/03/08; Does my company need to be more proactive about insiders during hard times?
Can we really stop malicious insiders?: 09/29/08; In terms of malicious insiders committing fraud, can anything "really" be done?
A layered approach to data leak prevention: 09/08/08; My company is increasingly deploying SSL applications and that traffic already represents 40 percent of my network capacity. With this encrypted traffic on the rise, how can I build an effective protection against the loss of sensitive data?
Keeping smartphones from becoming a security threat: 08/25/08; My company is considering purchasing new smartphones for all employees and I am concerned about the implications of what this means for tracking our sensitive data. What are the special challenges of protecting data in an increasingly mobile workforce, and how can I meet my data protection goals?
Does compliance equal security?: 08/11/08; With government increasingly telling businesses how they need to comply with regulations, I wonder if this means that my data is more secure. At the end of the day, does compliance equal security?
Protecting patient records: 07/28/08; I'm in healthcare and am concerned about the breaches of healthcare information that seem to have been in the news all year long. Any suggestions on how I can make sure my organization doesn't end up in the headlines for leaking patient info?
Identity monitoring and core security: 07/14/08; How does identity monitoring fit into an overall core security program. Is it necessary?
Preventing data breaches not a technology issue: 06/23/08; When security people see headlines about data losses at TJ Maxx, ChoicePoint, DuPont, and the Department of Veterans Affairs, they quickly assume that preventing such loss is a technology problem. It clearly is not. It is an information problem.
Log management as a tool against insider threats: 05/27/08; How can I leverage the log-management product I've bought for compliance to protect the network against insider threats as well? If I have a log management solution in place, will that be sufficient to protect my sensitive data? What other best practices are there, and can you provide a few real-world examples?
The case of the tampered USBs: 05/12/08; They put 4Gb USB sticks (properly marked and in manufacturers' packaging) all over the parking lot. Employees picked up the sticks and some went straight to their computers and inserted them to see if they worked. Unknown to the employees, the USB had a boot program that installed a piece of software.
When the inside threat is from outsiders: 04/21/08; With the economy being so shaky right now, my company has put a freeze on hiring and we are currently using temporary contractors to fill certain positions. It seems that outsiders are the new insiders. Any tips on best practices for making sure contractors have what they need, but can't take sensitive information out the door when the job is done?
The correlation between identity monitoring and data loss prevention: 04/07/08; I've been looking into the correlation between identity monitoring and data loss prevention technologies. Can you clarify if these two go hand-in-hand and if so, the best ways to use them to get maximum efficiency?
Data leakage prevention on a budget: 03/17/08; Now that larger companies are entering the DLP space, my company wants me to look into the technology. I've noticed it's quite pricey, especially with service added. Can DLP be done on a budget?
What data is most important to protect?: 02/25/08; Now that larger companies are entering the DLP space, my company wants me to look into the technology. I've noticed it's quite pricey, especially with service added. Can DLP be done on a budget?