Insider is company’s worst security nightmare–Pandora
In Photo: This undated photo courtesy of Pandora Security Labs Inc. shows CEO Isaac Sabas at his office. Sabas said companies should take steps to guard against cybersecurity threats that may come from employees.
AN insider who has access to a company’s store of sensitive data could pose a threat to its cybersecurity, Pandora Security Labs Inc. CEO Isaac Sabas said in a recent interview.
“Actually, that’s the greatest threat.” The attacks, Sabas noted, may arise from the line of discontented staff, who may conspire with external hackers involved in data theft for money. Citing news reports, Sabas pointed to the hacking of Sony Entertainment Pictures in 2014 as example.
Researchers at a cybersecurity firm claim that six former employees could have compromised the company’s network, he said.
An assessment prior to Sony’s hacking that appeared as an article in the Harvard Business Review said “Insiders can do much more serious harm than external hackers can, because they have much easier access to systems and much greater window of opportunity.”
Authors David M. Upton, an American Standard Companies professor, and Sadie Creese, a cybersecurity professor, both of Oxford estimates at least 80 million insider attacks occur in the US each year.
“But the number may be much higher, because they often go unreported,” the authors said.
In the Philippines, the number of cases of insider attacks is growing, Philippines Institute of Cyber Security Professionals (PICSPro) President Angel Redoble said. To prevent internal threats, a company would require a cybersecurity team that would keep an eye on the conduct of all the individuals who have authorized access to sensitive data, according to Sabas.
The team should also regularly check the company’s information-technology (IT) group, he added. “Even in the US they say the greatest threat could be the IT admin.”
A separation between information security and IT should be in place to create and enforce counter-check, Sabas recommended.
“It’s a [relationship between a] checker and maker,” Sabas said. “The IT should not check the exam it makes.”
He said a company should not overlook its cybersecurity, otherwise it would compromise the sensitive data of its clients. “An insider attack has impunity to any anti-hacking solutions, however advanced.”
Image Credits: Photo courtesy Pandora Security Labs Inc./Businessmirror
(Source: businessmirror.com.ph)
Tag:Alumni