Seven years in the making, a new law is about to change how business handles customer data

The good news is that most companies in SA are aware of the need for IT and are doing something about it, says Steven James, director at Puleng Technologies.

"Unfortunately, the majority are focused on some form of intrusion protection, such as firewalls and behaviour-based intrusion detection, while paying scant attention to human-related threat management, such as identity and access management," he adds. "The biggest threat today is internal, from the people that you trust: your staff."

Magix Integration director agrees: "It's all very well to search employees when they leave a building to make sure they don't take their computer's hard drive home, but what are corporations doing to ensure their staff do not purposely corrupt information or sell it to a competitor?

"There are criminal syndicates in operation today making a lucrative business out of recruiting employees from various companies and paying them to change or steal data," he warns. "Would you rather lose a piece of hardware worth R1 000 or have sensitive data passed to a competitor and lose millions of rand in potential new business?"

Lubashevsky says employee monitoring is a sensitive issue. "Nobody likes to feel they are continually under suspicion, especially when only a small percentage of people actually engage in criminal activities. The reality, however, is that not monitoring employee activity is no longer an option."

James says the lack of effective identity management policies, which set out who can access what data and do what with it, makes it easier for crooks or disgruntled staff to access data. Many companies now also deploy both LAN and WiFi in their office space, and, while the first is often adequately protected, the second is not. What will prevent an angry former staffer or a hacker from parking in the street outside and gaining direct access to company data via an unsecured WiFi network?

Identity and access management processes that enforce the segregation of duties go a long way to removing this threat, says James. "They manage each user's progress through the company from start to finish, ensuring each has access to whatever data and systems their job requires, but no more. They also cater for removing the user from the various systems when they leave or move within the organisation."

Lubashevsky says many companies now regularly analyse their database and server log files to determine if any unauthorised or irregular activities have occurred. "The results can often highlight suspicious activities and point out suspect employees. Unfortunately, this usually happens long after the damage is done," he says. The only workable preventative solution is "invisible employee monitoring technology to guard against specific information anomalies in real-time. This will enable businesses to catch malicious activity before any damage is inflicted."

But who guards the guardians? As events at Fidentia and Leisurenet show, corporate malfeasance can happen at the highest levels. What can be done to guard against the CE going bad?
