Companies must strengthen defences against insiders

PUBLISHED : Tuesday, 15 March, 2011, 12:00am
UPDATED : Tuesday, 15 March, 2011, 12:00am

Every day, IT security professionals in Hong Kong face the challenge of staying one step ahead of the threats to their businesses. New threats constantly emerge that outfox the best antivirus software. Organisations must strive hard to maintain a firewall against viruses that may damage their entire network and cause millions of dollars worth of damage.

To help organisations detect future dangers to their networks, CA Technologies polls its security experts for their predictions on what to look for in the coming year in terms of threats and industry shifts.

Vic Mankotia, vice-president (security) for Asia-Pacific and Japan at CA Technologies, says that throughout the year, industry events and new discoveries affect the security and operations of organisations. This year, IT security professionals will need to step up their battle against the insider threat and leverage identity and access management (IAM) to shift the view of security to that of an enabler for cloud adoption, Mankotia says.

CA Technologies' experts say the insider threat will continue to grow. An investigation report prepared by Verizon showed that the percentage of breaches attributed to insiders more than doubled last year to 46 per cent.

As more companies use social networking sites and employee mobility increases, enterprises are storing more high-quality data and opening more access points. Faced with internal threats, organisations will begin using behavioural analysis to predict hazards, Mankotia says.

The report highlights case study research in this area that examines the psycho-social factors that can contribute to an insider breach. This data could be used to create predictive models that correlate psychological profiles or behaviour to insider breaches or crime.

For example, indicators of risk for insider data breach could include an employee's reaction to stress, financial and personal predisposition to conflict, rule violations and the propensity to hide them when they occur, and chronic disgruntlement or strong reactions to organisational sanctions. This data then could be used to step up and tighten access and data usage rights.

Another area companies will be looking at this year is improving information security by linking data and identities.

According to CA Technologies, for years firms have been protecting information but doing it in a way that affects operational efficiency and can still invite risk. Looking ahead, organisations will realise the need to make IAM policies identity-based.

This realisation ushers in next-generation IAM and makes IAM content-aware.

Traditional IAM stops at the point of access; content-aware IAM goes a step further to not only help control identities and their access but also control what they can do with the information based on their identity.

Mankotia says there is a reason that governments are placing increased importance on cyberwarfare. Crippling our infrastructure would be highly disruptive. Attacks on the technical supply chain by way of compromised hardware and insecure software, or attacks similar to computer worm Stuxnet, could be viewed as an attack on a nation.