Thursday, August 27, 2009

If insider leaks happen by accident...prevent the accident?

Dark Reading recently published its findings on the source of insider leaks:

According to a report...issued by research firm IDC and sponsored by RSA, 52 percent of respondents characterized their insider threat incidents as predominantly accidental, while only 19 percent believed the threats were deliberate. Twenty-six percent believed their insider issues were an equal combination of accidental and malicious threats, while 3 percent were unsure.

Not a lot of digging was done into why accidental leaks occurred, but there was some speculation:

One of the most common offenses in enterprises is the maintenance of expired user accounts, the study says.

"Out-of-date and/or excessive privilege and access control rights for users are viewed as having the most financial impact on organizations," IDC says. "In years past, IDC has estimated that as many as 60 percent of all accounts on most systems are expired. This large number of expired accounts means that insiders who no longer have a relationship with the firm continue to use the firm's IT resources, [such as] network, email, applications, and data."

In the comments area, TCronin suggested a solution - whitelisting Internet access to certain people and sites, thus reducing the chances for accidental exposure of sensitive data. In the comment, TCronin paraphrased a conversation (TCronin couldn't remember the source) about this proposal:

Presenter: presents the whitelist policy as the proper way to manage internet access.

Audience member: If I do that, all my employees will leave the company.

Presenter: …And I know a few people in India willing to fill those positions.

What will this do?

In this manner, no drive-by downloads are likely, phishing is not a likely threat (except via email) and other threats are also mitigated.

So, is this a wise recommendation?