Government Security News


July 23, 2009

OPINION / Trends in Internal Theft

For many years, the term “information security” has been synonymous with protecting the network perimeter from outside threats -- hackers, viruses and other malware, intruders and so on. But there has been a growing realization in recent years that protecting the network perimeter is not enough.

As incidents described in the news media over the last couple of years have shown, people need to consider the risks from internal threats as well: risks posed by lost and stolen laptops, magnetic tapes and other types of media; misuse of peripheral devices like USB memory sticks or MP3 players; and the sending of confidential information by e-mail.

The latest research and employer surveys confirm the idea that insiders are the greatest potential threat to corporate confidential data because they have authorized access to the data and they know where and how it is stored and processed. This puts them in a much better position to cause harm than external hackers who may know how to breach a network, but don’t know where to find the most sensitive data once they are in.

The problem of data loss from insider threats comes not only from employees who may have a perceived grudge against the company or who are simply looking for a way to profit from the company’s data; it frequently comes from loyal but negligent users who may take work home on a USB flash drive and then lose it. It also arises during routine maintenance processes, like sending backup tapes to off-site storage centers. Courier companies have been known to lose backup tapes with sensitive information on them, resulting in embarrassing publicity and exposure for the company whose data it was.

The information security industry does not have a perfect solution for the problem of dealing with insider threats, but there are some overriding protections that should be considered. First, there are rights management systems that allow corporations to assign detailed access rights for documents. These systems have a significant disadvantage in that they only protect structured documents for specific applications, leaving databases and other raw data vulnerable.

Another layer of protection is provided by data loss/leak prevention (DLP) solutions. They work by controlling possible channels of data leakage -- outgoing e-mails, files written to external media and sent to Web and FTP sites, etc. Outgoing data is automatically analyzed in order to decide whether it is allowed to leave the internal perimeter.

An improvement on this, called information protection and control (IPC), combines DLP methods with encryption of all media that is allowed outside the perimeter. This is more secure, eliminates more threats and is independent of the data’s structure.

So, while the problem of insider theft is just starting to be universally recognized, and the security market has only recently started to address it, there are already some solutions for providing protection and reducing the risk of data loss. Companies need to research these solutions and determine which ones provide the appropriate level of protection for them.


 
