Digital Conflict

By Kevin Coleman

Beware threats from outside insiders

Hostile insiders and insiders who accidentally do something that compromises systems or data pose a substantial threat to an organization's security and integrity. Complicating this already complex threat is the outside insider. Contractors, temporary employees, consultants and even vendors are examples of outsiders who attain insider status and systems access. Often these people require and are given access to information systems with little or no insight into their backgrounds because they are not employees of the organization. In the past year, I saw at a client’s site two examples of what can happen as a result of outside insiders’ actions.

The malicious outside insider

A temporary resource was brought in to help the IT organization. That person was obtained through what is known in the industry as a body shop (a company that provides human resources on an as-needed basis). The individual was granted appropriate access based on the duties he was assigned.

After a few months, it was discovered that he had set up an unauthorized server that was outside the organization’s control and had been transferring massive amounts of sensitive data to that server. Law enforcement was notified and, as it turns out, this person had done something similar during another temporary work assignment.

Here's a fact: The Homeland Security Department published a 2011 intelligence report warning that violent extremists have obtained insider positions and that “outsiders have attempted to solicit utility sector employees for damaging physical and cyberattacks.”

The non-malicious outside insider

In another case, management consultants were brought in to deal with some strategic issues at a critical infrastructure provider. Consultant accounts were established for each member of the consulting team. One consultant brought in a wireless hub and ran his own wireless network between his computers the entire time they were connected to the hard-wired client network. The rogue device was discovered during a routine wireless security scan. The individual’s wireless network extended to the floors below and above. The unencrypted network had a very weak password and was on the same wireless channel as the wireless network of a competitor that had offices on the same floor.

It is time to give the outside insider the attention this threat deserves.

Posted by Kevin Coleman on Mar 01, 2012 at 9:03 AM

Reader Comments

Wed, Mar 14, 2012

Way to fuel the fire against contractors with baseless claims and calling them "outside insiders." Contractors especially get enough bad looks in the system for being considered second tier (or sometimes third) employees and are often discriminated against or treated poorly. The fact is, if the organization is hiring from questionable sources, you're going to get questionable people. Perhaps it's time that the organizations hiring people who have not undergone background checks be held accountable for that instead of throwing doubt on the majority of the thousands of contractors, consultants, and temporary workers that do a legitimate (and in some cases better) job than the direct hires.
