ContraRisk Security Podcast 20: Rogue insiders and cybercrime co-operation

» Listen or download now on the podcasts page »

Cybercrime co-operation

The International Cyber Security Protection Alliance (ICSPA) was formed to help government and law enforcement agencies assist businesses in tackling cybercrime.

Co-operation and information sharing are very much at the core of this kind of activity, so, at the recent ISSE conference in Brussels, Steve Mansfield-Devine asked John Lyons, CEO of ICSPA, whether this kind of collaboration has been put under strain by the leaks from ex-NSA contractor Edward Snowden.

Lyons told us that there is now “a great pause in co-operation”, as governments assess the implications of the massive spying operations by the NSA and GCHQ. He feels there’s a need to ‘reset the clock’ and re-establish trust relationships.

He also touched on the UK’s reappraisal of what parts of the European criminal system it adheres to – after highly publicised suggestions that the country might pull out of Europol.

How damaging is all this to the fight against cybercrime? And could there be a silver lining – such as pushing security up the agenda in organisations?

In his presentation at ISSE, Lyons said he feels ordinary citizens are getting left behind by technology, and there needs to be a significant campaign to raise awareness and equip them to deal with the threats.

And finally, Lyons explains why he feels that unregulated payment systems like Bitcoin, which are unquestionably funding criminal activity, should be shut down.

Insider threats

Alan Kessler, Vormetric

The global community remains polarised around the activities of Edward Snowden. But praising or demonising his actions misses the central issue, according to Alan Kessler, CEO at Vormetric.

As Kessler explains to Tracey Caldwell, there is an uncomfortable reality we must all face up to. For better or for worse, a contracted system administrator can see all the data in a company’s operating environment – and privileged insiders like Snowden exist in every organisation.

He points out that company database administrators or cloud contractors present a high risk because of the breadth of access they are granted in order to do their jobs. 

Unsurprisingly, these ‘key holders’ are the best targets for stealthy cyber-criminals looking to gain access to the corporate network – this is particularly the case with Advanced Persistent Threats (APTs).

Vormetric recently carried out its first annual ‘Insider Threat’ survey. The study, which surveyed more than 700 IT decision-makers, found that 54% believe it is more difficult to detect and prevent insider attacks today than it was in 2011. Additionally, 46% say they are vulnerable to an insider threat attack – in spite of their security skills, resources, processes, and technologies. Abuse of privileged user rights by employees was a primary concern, with 63% feeling vulnerable to it.

So, where to start in protecting the enterprise against the rogue insider? As a first step, organisations need to determine who their privileged users are and understand what information they have access to, argues Kessler. Different insiders present different levels of risk and should be assigned different access and threat levels. For example, he points out, some ‘privileged users’ are C-level executives: these users see sensitive data on a regular basis and present less of a risk.

While traditional perimeter defences may seem largely irrelevant in preventing this sort of event, Kessler explains that it is possible to design access controls to fit operational purpose and provide security intelligence on what is happening to data, regardless of where it lives in the business infrastructure.
