November 30, 2015 By David Strom 3 min read

A new Intermedia Insider Risk Report showed that the biggest risk to enterprise IT security is the IT department itself. The report surveyed more than 2,000 IT workers in the U.K. and U.S. earlier this fall. The survey asked questions about whether employees would take data from their companies when they changed jobs, install personal apps on work-owned PCs or operate independently from any tech department for nonapproved purchases.

Results showed IT workers were more willing to go against policy in certain circumstances. For example, almost one-third of IT department respondents would take data if it could benefit them, compared to only 12 percent of the general population.

I am not surprised that IT is its own worst enemy here. Over the years, I’ve met many IT workers who embody this attitude. They don’t feel bound by their own security policies, best security practices or other rules that they create for their fellow employees — and that is a sad and sorry state of affairs.

Malicious insider attacks were also recently designated one of the top four cybercrime trends by IBM Emergency Response Services (ERS). So what can you do about this situation? Here are several suggestions.

Recognize Dangerous Behavior

First, take a look at this report from last year, “Combating the Insider Threat.” It gives some good advice on how to recognize potentially dangerous insider behavior, including tracking a pattern of employees who access the network during off hours, or when IT workers are supposedly on vacation or show abnormal interest in matters outside their scope of duties. They have a number of great recommendations that are very actionable. Some of my favorites include:

  • Deploy data-centric, not system-centric, security. This means you should use your intrusion detection system (IDS) to look more closely at your critical data sources and uses rather than trying to protect your firewalls or servers. Indeed, the report suggested that you “think like a marketer and less like an IDS analyst,” meaning you need to look at what information could be useful to your competitors or other outsiders.
  • Build meaningful baselines. Look at network volumes or frequency of particular recurring patterns. That way, when something abnormal happens — like your soon-to-be-ex-employee downloading 1 TB of customer database — you can actually catch it on tape.
  • Use centralized logging. Logging can detect data exfiltration near insider termination situations. We all can expend a lot of effort tracking what happens when employees are terminated or resign to make sure that their access has been revoked across all systems. Another method is to “announce the use of policies that monitor events like unusual network traffic spikes, volume of USB/mobile storage use, volume of off-hour printing activities and inappropriate use of encryption.” Even if you don’t enact initiatives in each of these areas, at least you’ve put the potential bad actors on notice.
  • Note frequent visits to sites. Frequent visits may indicate low productivity, job discontent and potential legal liabilities (e.g., hate sites or pornography). Don’t go too overboard here, but certainly keep an eye out for this kind of behavior.

Listen to the IT Department

Second, be a better listener and start looking for changes in your corporate culture, even subtle ones. Oftentimes, employee satisfaction (or dissatisfaction) originates from small things: canceling flextime, tightening benefits or micromanagement.

Finally, evaluate your own management style and take stock of recent controversial decisions, as well as why they were so contentious. Perhaps an attitude readjustment is in order to help your own department become more inclusive in its decision-making or operations.

Read the IBM Research Report: Battling security threats from within your organization

More from CISO

X-Force Threat Intelligence Index 2024 reveals stolen credentials as top risk, with AI attacks on the horizon

4 min read - Every year, IBM X-Force analysts assess the data collected across all our security disciplines to create the IBM X-Force Threat Intelligence Index, our annual report that plots changes in the cyber threat landscape to reveal trends and help clients proactively put security measures in place. Among the many noteworthy findings in the 2024 edition of the X-Force report, three major trends stand out that we’re advising security professionals and CISOs to observe: A sharp increase in abuse of valid accounts…

Boardroom cyber expertise comes under scrutiny

3 min read - Why are companies concerned about cybersecurity? Some of the main drivers are data protection, compliance, risk management and ensuring business continuity. None of these are minor issues. Then why do board members frequently keep their distance when it comes to cyber concerns?A report released last year showed that just 5% of CISOs reported directly to the CEO. This was actually down from 8% in 2022 and 11% in 2021. But even if board members don’t want to get too close…

The CISO’s guide to accelerating quantum-safe readiness

3 min read - Quantum computing presents both opportunities and challenges for the modern enterprise. While quantum computers are expected to help solve some of the world’s most complex problems, they also pose a risk to traditional cryptographic systems, particularly public-key encryption. To ensure their organization’s data remains secure now and in the future, chief information security officers (CISOs) should educate themselves about quantum computing, proactively address the coming quantum risks to cybersecurity and work to establish cryptographic agility in their enterprise.A future cryptographically…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today