Carnegie Mellon’s Software Engineering Institute has studied the phenomenon of insider threats for more than a decade in order to help businesses identify ways in which they can improve internal security practices. Dawn Cappelli, who works at the institute and is co-author of The CERT Guide to Insider Threats, spoke about the issue at the recent RSA Conference in San Francisco. Cappelli remarked that: “About 50 percent of all companies out there experience at least one malicious insider attack,” adding, “An internal attack has more of an impact than an external attack.”
Since approximately 30 percent of all attacks have a verified connection to company insiders, it is more important than ever before for organizations to take proactive measures against malicious insiders. Cappelli offered conference attendees several key pointers.
1. Protect what matters most
Instead of seeking to protect all resources fully from the start, companies should focus their efforts most intensively on the ‘crown jewels’, those resources that are most sensitive and essential to the firm’s interests.
2. Learn from experience
Analyze past insider incidents and take corrective action based on your findings. A surprising number of businesses fail to correct known weaknesses and are attacked more than once through the same channel.
3. Use what you have
Security software designed to protect against outside attacks can often be applied in new ways that also help with insider threats. Instead of buying new programs that may or may not work in your computing environment, work closely with an IT consulting firm that can advise you on how your existing systems can be leveraged more effectively.