Is it time to rethink the term Insider Threat?
20 April 2018
Cloud administrators: A new Insider Threat
Stephen Hawking was once asked whether we should be intentionally advertising our presence in the cosmos. Fearful of malevolent extra-terrestrials, Hawking suggested keeping quiet might be our best option. Unfortunately, this warning arrived a little late, as we have been advertising our presence, intentionally or not, for almost a century. We continue to leave data footprints among the stars, footprints that, with the passing of time, sprint across the universe at the speed of light.
While broadcasting our data to the cosmos is an unstoppable consequence of being a technologically advanced civilisation, what about the broadcasting of our data into terrestrial space? What clues are we leaving for cybercriminals to misuse? Who is culpable when your information is lost, stolen or mishandled?
Why it’s time to rethink the term: Insider Threat
The Insider Threat is a recurring theme that emerges when looking at some of the high-profile breaches in 2017. Microsoft partner, IS Decisions, said:
“It is often assumed that IT viruses and hackers should be an organisation’s biggest concern, the reality is that it is your own staff, whether maliciously or accidentally, that are the most common cause of a security breach.”
Cybersecurity spending across every industry is expected to exceed $1 trillion over the next four years, which suggests companies are taking data security seriously. There are unending reams of employee e-Learning and textbooks to digest, as companies battle to stay ahead of the threat curve.
The Insider Threat’s unpredictable and often accidental nature makes it extremely difficult to defend against. But are companies overlooking something?
The rogue cloud administrator
The cloud is forcing organisations to rethink Insider Threats. A cloud administrator is in a position to damage the reputation of their employer and the reputation and assets of their client.
A side effect of the cloud is that data is no longer stored in a single information centre for organisations to access whenever they wish. What is at risk when organisations do not know and have not hired or vetted the cloud administrators entrusted to protect their data?
Cloud-based computing, while increasingly flexible, can lead to misunderstandings about where the lines of responsibility are. While employees can easily transmit and access data, there is a lack of transparency around whether responsibility lies with the employee or the service provider.
The consequences of a breach caused by a cloud administrator can be devastating, given the privileged access rights they are afforded. What’s more, cloud administrators have the advantage of knowing the best way to infiltrate an organisation’s network, where to attack for optimum effect and how to mask what they have done. The cloud is a game changer. Organisations can manage this threat more effectively by:
- Establishing the relationship parameters – ensuring there are contractual undertakings, policies and procedures in place which the third party must adhere to.
- Reviewing third-party activities – put tools in place that allow you to review and monitor third-party activities. Unauthorised access can only be prevented if it is caught in real time.
- Identifying erratic behaviour – look out for abnormalities in a cloud administrator’s day-to-day activities. This may help you prevent a breach from occurring or allow you to pinpoint the moment a breach happened.
Above all else, companies need to take the lead and control the relationship by applying the same stringent rules that they would enforce within their own offices to protect against the Insider Threat.
So, the next time you’re staring up at the stars wondering about little green men and women rocking out to David Bowie at an intergalactic disco – look a little closer to home and think about the data you are sharing now.
Remember, a cybercriminal doesn’t have to move at lightspeed to pinch your information.