The Inside Job: The Biggest Threat to Cybersecurity?

For most of us, threats to our computer systems come from the outside in. We're concerned about viruses, about malware, about distributed denial of service (DDoS) attacks that can cripple our systems without proper vigilance. But what we don't commonly consider is the attack that comes from the inside, and a new report from Crowd Research Partners suggests that this may actually be an even bigger threat to our systems' way of life.

The Crowd Research Partners project—conducted with the help of LinkedIn (News - Alert)'s Information Security Community which boasts over 260,000 members to its credit—offered some disturbing information about where we really should be looking for threats. First, the bombshell: 62 percent of security professionals have seen a rise in insider threats over the last 12 months, and only 34 percent are looking to see an increase in budget to tackle the problems. To put the warhead on that bombshell, so to speak, less than half of organizations surveyed actually have necessary controls in place to take on insider attacks.

The report went on to note that the biggest insider threat (according to 59 percent of respondents) came from “privileged users”, managers that have uncommonly high access to sensitive material. Lagging behind was the second highest threat potential, contractors and consultants, at 48 percent, as opposed to regular employees, who only managed to pose a clear and present danger at 46 percent. Sixty-two percent of respondents noted that it was not only harder to protect against insider threats, it was also difficult to even detect them. What's worse, remediation costs following an insider attack are either huge or outright uncountable: 38 percent foretold of costs at up to $500,000 per attack, while 64 percent said it was “difficult” to even guess at how much damage was done in the first place.

The problem here, of course, comes back to how most companies handle cybersecurity in the first place. Most focus on a strong perimeter defense, bulking up firewalls and password systems to keep out all those who shouldn't be in. But the problem with insider threats is that they originate from those who already have access, and that's where the defenses fall apart. When the keys to the kingdom are handed over, they can be misused. The first, probably best, way to deal with such threats is to focus more on protecting data instead of protecting the field where the data actually is. Encryption is the key here; if the data is useless to anyone but a handful of people with encryption keys, what threat is there in data being stolen? This isn't to say that strong perimeter defenses are necessary and useful, but such are also just part of the equation. Protecting what's inside is as important as protecting the way in.

The insider threat report illustrates this point clearly; protecting all avenues of a system is likely to provide big payoffs in the long run with safer data and more smoothly operating systems. It's important to consider every angle of attack, and that includes the angle that comes from inside the firewall.