Digital Common Sense

Really good article from CSOonline.com

The Enemy Inside

A realistic approach to prioritizing actions to prevent privileged user or insider security threats.

By Kristin Gallina Lovejoy

For many years external security threats received more attention
than internal security threats, but the focus has changed. While
viruses, worms, Trojans and DoS are serious, attacks perpetrated by
people with trusted insider status—employees, ex-employees, contractors
and business partners—pose a far greater threat to organizations in
terms of potential cost per occurrence and total potential cost than
attacks mounted from outside.

The reason insider attacks “hurt” disproportionately is that
insiders can and will take advantage of two important rights: trust and
physical access.

In general, users and computers accessing resources on the local
area network (LAN) of the company are deemed trusted. Practically, we
do not draconically restrict their activities—revoke trust—because an
attempt to control these trusted users too closely will impede the free
flow of business.

And, obviously, once an attacker has physical control of an asset, that asset can no longer be protected from the attacker.

Technorati Tags: Infosec, network security, insider security threats

Filed by Ken at 8:50 pm under InfoSec