Beware threats from outside insiders
Hostile insiders and insiders who accidentally do something that compromises systems or data pose a substantial threat to an organization's security and integrity. Complicating this already complex threat is the outside insider. Contractors, temporary employees, consultants and even vendors are examples of outsiders who attain insider status and systems access. Often these people require and are given access to information systems with little or no insight into their backgrounds because they are not employees of the organization. In the past year, I saw at a client’s site two examples of what can happen as a result of outside insiders’ actions.
The malicious outside insider
A temporary resource was brought in to help the IT organization. That person was obtained through what is known in the industry as a body shop (a company that provides human resources on an as-needed basis). The individual was granted appropriate access based on the duties he was assigned.
After a few months, it was discovered that he had set up an unauthorized server that was outside the organization’s control and had been transferring massive amounts of sensitive data to that server. Law enforcement was notified and, as it turns out, this person had done something similar during another temporary work assignment.
Here's a fact: The Homeland Security Department published a 2011 intelligence report warning that violent extremists have obtained insider positions and that “outsiders have attempted to solicit utility sector employees for damaging physical and cyberattacks.”
The non-malicious outside insider
In another case, management consultants were brought in to deal with some strategic issues at a critical infrastructure provider. Consultant accounts were established for each member of the consulting team. One consultant brought in a wireless hub and established his own wireless network between his computers all the time they were connected to the hard-wired client network. The rogue device was discovered during a routine wireless security scan. The individual’s wireless network extended to the floor below and above. The unencrypted network had a very weak password, and was on the same wireless channel as a competitor’s wireless network that had offices on the same floor.
It is time to give the outside insider the attention this threat deserves.
Posted by Kevin Coleman on Mar 01, 2012 at 9:26 PM