The plotting of terrorist activity is an extreme example of employee misuse of access, but there is little doubt that the deteriorating economy has impacted on the quality of internal business relationships and, ultimately, heightened employee disaffection, writes Ollie Ross, head of research, Corporate IT Forum.
"The current economic climate changes people's attitudes towards taking risk and gaining from misuse," said one respondent to the Corporate IT Forum's 2009 eCrime Survey. The full results bore out an intensification of the insider threat, but countered with the confidence that business "has implemented improved detection and prevention measures, counteracting any increase in criminal intent".
Organisations must be able to detect when a security incident is occurring or has occurred, and the Forum's Information Security Service has developed recommendations and templates to help members put in place a comprehensive incident response process addressing detection, containment, eradication and recovery to ensure an incident is managed and resolved as quickly and easily as possible.
It is becoming standard practice for businesses to put key individuals through forensic analysis training courses, and most companies have deployed audit, monitoring or alerting mechanisms to aid detection of unusual activity. The key is to combine these with a process for reviewing report results, capturing important information and communicating it to the relevant internal and external agencies as required. We recommend the use of pro-forma documents or templates to standardise reporting as an incident is in progress.
Of course, prevention is always better than cure, so any investigatory or response process needs to be deployed hand-in-hand with governance approaches to support access security such as identity management or role-based access, ongoing employee education and the building - or rebuilding - of a healthy company culture.
This was first published in April 2010