SINGAPORE, 2 February 2015 – Leading enterprise data management solutions provider PTC System Pte Ltd (PTC) has announced the launch of an extensive program to prevent and detect Internal Cybersecurity threat, this include training, collaboration with Institutes of Higher Learning and running a series of seminar for both public and private organization to share this knowledge.
We think of a cybersecurity threat as a hacker or adversary attempting to penetrate our computer systems from outside our network; these threats do exist, but what about the internal cybersecurity threat?
In many data breach instances, the breach of data happens inside the network and inside the company’s four walls.
There is no question that the external cybersecurity threat is of great magnitude but we also must pay attention to the internal threat. With good, solid technology, training, policies and procedures we can greatly reduce businesses' internal threats.
When we think of IT security, we focus on keeping the hackers out of your IT systems but what if the hacker is fully authorized to use those IT systems? Insider threats are real and not so uncommon.
A survey conducted by the United States Secret Service, the CERT Coordination Center (CERT/CC), and CSO Magazine found that in cases where respondents could identify the perpetrator of an electronic crime, 20% were committed by insiders.
The losses from crimes and security breaches conducted by insiders can be significant, often because these people know precisely where to look to obtain access to the financial accounts or intellectual property, and how to circumvent existing security measures.
Insider threats are influenced by a combination of technical, behavioural, and organizational issues, and must be addressed by policies, procedures, and technologies. Therefore, it is important that management, human resources, information technology, and security staff understand the overall scope of the problem and communicate it to all employees in the organization.
Part of the launch, PTC will share some of the best practices for preventing and detecting insider threats.
Institute periodic enterprise-wide risk assessments.
The organization must take an enterprise-wide view of information security, first determining its critical assets, then defining a risk management strategy for protecting those assets from both insiders and outsiders.
Institute periodic security awareness training for all employees.
All employees in an organization must understand that security policies and procedures exist, that there is a good reason why they exist, that they must be enforced, and that there can be serious consequences for infractions.
Enforce separation of duties and least privilege.
Effective separation of duties requires the implementation of least privilege; that is, authorizing people only for the resources they need to do their jobs.
Implement strict password and account management policies and practices.
If the organization’s computer accounts can be compromised, insiders have an opportunity to circumvent both manual and automated mechanisms in place to prevent insider attacks.
Log, monitor, and audit online actions.
Logging, periodic monitoring, and auditing provide an organization the opportunity to discover and investigate suspicious insider actions before more serious consequences ensue.
Use extra caution with system administrators and privileged users.
Typically, logging and monitoring is performed by a combination of system administrators and privileged users. Therefore, additional vigilance must be devoted to those users.
Use layered defence against remote attacks.
Insiders tend to feel more confident and less inhibited when they have little fear of scrutiny by co-workers; therefore, remote access policies and procedures must be designed and implemented very carefully.
Monitor and respond to suspicious or disruptive behaviour.
In addition to monitoring online actions, organizations should closely monitor other suspicious or disruptive behaviour by employees or vendors in the workplace. Policies and procedures should be in place for employees to report such behaviour when they observe it in co-workers, with required follow-up by management.
Collect data for use in investigations.
Should an insider attack, it is important that the organization have evidence in hand to identify the insider and follow up appropriately.
Implement secure backup and recovery processes.
It is important that organizations prepare for the possibility of an attack or disruption by implementing secure backup and recovery processes that are tested periodically.
Clearly document insider threat controls.
As an organization acts to mitigate insider threat, clear documentation will help to ensure fewer gaps for attack, better understanding by employees, and fewer misconceptions that the organization is acting in a discriminatory manner.
As a leading system integrator, PTC actively moves to provide the best of breed solution and offer appropriate solutions for each customer. Despite its background as a traditional IT vendor, PTC is ready to embrace the cloud. To date, it has achieved success in helping customers using traditional infrastructure to adapt cloud strategies, even helping organizations move their applications running on traditional infrastructure to cloud.