Mitigating IT-associated Insider Threats

Ideas

How can a business protect its confidential information from the many ways it could be compromised by a variety of technology-associated threats? The answer is simple: protect it through an integrated whole-house security architecture. This approach centers on the business’s ability to detect, stop, and remove known or potential threats before they compromise or distribute sensitive data to a third party. We will describe the four technologies that constitute this holistic approach, and suggest best practices for managing them. 

Human Solutions – Combining traditional monitoring with analytical processing power and structured reporting, human solutions monitors activity by human assessors and enforces policies and procedures to mitigate threats. For example, in network security, monitoring devices may periodically query network traffic to identify illicit activity, such as scanning for software usage so that network security can be consistently improved. Human solutions encompass human determinants such as system administration expertise, manual review and audit, and experience of human administrators, as well as specialized knowledge of the most vulnerable data, operating systems, and application programs. 

Technology-Related Technologies – Monitoring devices and applications, such as firewalls, antivirus software, and intrusion detection systems, along with special software for network and application security, are employed in detecting and blocking known threats. Examples include intrusion detection systems that generate reports detailing known threats based on known parameters, malicious websites, and computer attacks. The goal of technology-related technologies is not only to detect and block known threats but also to create a robust overall security posture. Some examples of technology-related technologies include intrusion detection systems that use network protocols to filter network traffic, anti-virus software, and firewalls. Mitigating threats means protecting the business against known risks, while preparing for unknown or likely future threats. Some of the most common methods of preventing an attack include creating a layered attack defense consisting of different techniques, patching software to address known vulnerabilities, training employees on appropriate network practices, and implementing software and hardware security products. 

Human Solutions – Implementing best practices for managing information is a critical component of reducing risk to an organization. Best practices help ensure that employees understand the information they access, how it should be used and how to handle it responsibly and securely. Best practices can also help employees identify the symptoms of a compromise and how to go about repairing the damage if a compromise occurs. These practices may include training and educating management, implementing strict policies prohibiting access to sensitive data, and implementing controls over data movement and storage. Best practices can also include implementing physical and logical safeguards, implementing secure backup and storage methods, and encouraging people to report suspicious activities. 

Software-Related Strategies – Implementing and maintaining appropriate security strategies is another important step in helping to reduce the threat exposure. Security measures include using strong administrative protocols and firewalls, monitoring all network traffic to and from sensitive data, regularly scanning for known threats, and putting in place the necessary protective measures. Software used in computer attacks should be programmed to avoid detection by signature patterns or common coding errors. Software vendors can help by providing software that is updated on a regular basis and that resists known vulnerability attacks. In addition, organizations should implement patch management to avoid the need for roll-outs of fixes for vulnerabilities that are already known. 

Technology-associated threats encompass several types of IT-related threats: Although these threats are most commonly associated with corporate environments, they can also affect small businesses and even home networks. The key to mitigating such threats is to implement a comprehensive IT risk policy that covers not only general computer risk but also specific areas of importance such as network, desktop, server, and software viruses.

Furthermore, a comprehensive threat management strategy should include daily monitoring of the systems affected by the suspected malicious activity, and close monitoring of servers for any signs of compromise.

YOU MAY ALSO LIKE