Monday, March 19, 2007

Insider Threats

Rome did not collapse due to external enemies but due to inward corruption. In the same way, IT companies can collapse from threats from within. Employees or former employees have the access needed to sabotage an entire information system if the administration is not careful. So how do IT companies avoid such risks? The answer is not so much in dealing with security in the network, since high-level access will still have to be granted to somebody. It is more a matter of keeping the relationship of the employee to the company intact, and knowing when that relationship has come to an end, as in the case of resignation or termination.


There are symptoms of possible insider threats, and they can be recognized in the employee's behavior. The following list of these symptoms may not be comprehensive, but it is helpful:
  • Sensitivity to criticism & needs for attention
  • Chronic frustration & feeling unappreciated
  • Difficulties controlling anger with bursts of inappropriate temper
  • Chronic sense of victimization or mistreatment
  • Chronic grudges against others
  • Grandiose/above the rules
  • Subject is avoided by others or they “walk on eggshells” around him or her
  • Bragging, bullying, spending on fantasy-related items
  • Compartmentalizes
  • Lack of conscience, impulse control, empathy for others, social impact

One symptom may not mean that the employee is a threat, but supervisors have to keep these in check. The critical point in time when employees can become a threat is when they resign. This is the case when the employee has access to internal systems from an external location, such as his house, a garage, or a Wi-Fi café. Restricting or limiting access to the system is vital when an employee resigns from the company.
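As an added example (not from the original post), here is an offboarding check for the point above: it cross-references separated employees against the account inventory and login log, and flags accounts still enabled, remote access still granted, and logins after the last day. The CSV layouts, user names and function names are assumptions, and the sample data is constructed.

```python
import csv
import io
from datetime import datetime

# Constructed sample data (hypothetical users and column layouts, not from the post).
HR_SEPARATIONS = """user,last_day
jcruz,2007-03-02
mreyes,2007-03-09
"""
ACCOUNTS = """user,enabled,remote_access
jcruz,yes,vpn
mreyes,no,none
asantos,yes,vpn
"""
LOGINS = """user,timestamp,source
jcruz,2007-03-01T17:40:00,office
jcruz,2007-03-05T23:12:00,external
asantos,2007-03-05T09:00:00,office
"""

def rows(text):
    """Parse CSV text into a list of dicts keyed by the header row."""
    return list(csv.DictReader(io.StringIO(text)))

def audit_offboarding(hr_csv, accounts_csv, logins_csv):
    """Return (user, issue) findings for separated users who still have access."""
    last_day = {r["user"]: datetime.strptime(r["last_day"], "%Y-%m-%d").date()
                for r in rows(hr_csv)}
    findings = []
    for acct in rows(accounts_csv):
        user = acct["user"]
        if user not in last_day:
            continue  # not on the separation list, nothing to check
        if acct["enabled"] == "yes":
            findings.append((user, "account still enabled"))
        if acct["remote_access"] != "none":
            findings.append((user, "remote access still granted: " + acct["remote_access"]))
    for ev in rows(logins_csv):
        user = ev["user"]
        when = datetime.fromisoformat(ev["timestamp"])
        # Any login dated after the last working day should not have been possible.
        if user in last_day and when.date() > last_day[user]:
            findings.append((user, "login after last day from %s at %s"
                             % (ev["source"], ev["timestamp"])))
    return findings

if __name__ == "__main__":
    for user, issue in audit_offboarding(HR_SEPARATIONS, ACCOUNTS, LOGINS):
        print(user, "-", issue)
```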

An employee is responsible for his or her own behavior. There are factors, however, that will influence the employee towards a certain direction. Management does have a responsibility in maintaining company morale so that it doesn't produce disgruntled employees.

Sabotage can occur in the form of a logic bomb. A logic bomb is a piece of code intentionally inserted into a software system that will set off a malicious function when specified conditions are met. For example, a programmer may hide a piece of code that starts deleting files (such as the salary database), should he ever leave the company.

Manage your employees well. Maintain those relationships that will foster cooperation between labor and management.

References:
  1. A Risk Mitigation Model: Lessons Learned From Actual Insider Sabotage, http://www.cert.org/cert/
  2. Logic Bomb definition, http://en.wikipedia.org/wiki/Logic_bomb

3 comments:

Junelle said...

Umm ... the symptoms are kinda familiar ... and I think I feel that way sometimes ... but I am still here since the start :)

I guess some agents had just found a better opportunity suited for them; much more comfortable, higher pay ... things like that ...

Anyway, resignation and termination are part of a company ... I guess there's no company here that has not experienced those things :)

RadX said...

We all feel bad once in a while dealing with stress. But what counts is not what thoughts go through your mind, but what you do with them.

Aice Nice Concepts said...

Yeah, employers should maintain a proper relationship, especially a "labor relationship", with all the employees.

Even if an employee is loyal, when an employee is not handled properly, he or she will still leave to look for a better opportunity that will also bring him or her something good (^_^)

bow