Employees the Next (Continuing) Big Security Risk?
surely_you_cant_be_serious writes "A nationwide survey finds that most companies consider their systems vulnerable to attack. Historically, crime rates increase during recessions — and some believe that cybercrime may well follow suit, especially given massive layoffs and the dim prospects many laid-off employees face in finding a new job. 'One thing companies can start doing is monitoring their networks on an ongoing basis so that they understand the normal pattern of data flow and usage, Brill said. In many cases, companies may not have the internal capability to do this, but outsourcing options are available. Kroll Ontrack, for instance, will be rolling out a 24/7 monitoring service for its global clients manned from a US location by professionals in early 2009.'"
Summary of story:
1.) Crime goes up when the economy goes into the tank and people start losing their jobs. Shocking, I know.
2.) There are plenty of security companies willing to scare your pants off in order to sell you expensive monitoring services. They will gladly use the statistic above to those ends.
Oh yah, and we'll throw a "cyber" prefix in front of "crime" to make this look like something new and different.
Move along, people. Nothing remotely new here.
Now if you want to actually do something to improve security performance, how about establishing some security metrics as a point of reference?
Parity: What to do when the weekend comes.
Not necessarily.
In a well-designed system, the data would flow only from the source to the destination, with as few stops in between as possible, right? In the case of credit cards, they would come into a cash register, travel to the authorizing system where they would be sent to an authorizer, then travel to the accounting system to be submitted for payment. While a guy who operates the authorizing system may have the authority to see the traffic trickling by as it happens, if he requests a block of 10,000 authorization records all at once, that's not the normal flow. An IDS can theoretically tell the difference.
Or what if the guy in accounting suddenly emails a 10MB file? That's not his normal pattern either. Again, an IDS can see that difference between "normal" and "abnormal".
They aren't necessarily crimes -- maybe the authorizer was researching a bug, or maybe the accountant was sending big JPEG pictures of his cat to his daughter. But they were both anomalies, and there's definitely a correlation between network anomalies and insider data theft.
And I'm not saying IDS systems are perfect. Far from it. These systems can absolutely be worked around by a knowledgeable criminal, and there are plenty of false positive anomalies in a normal network to keep a team of investigators busy forever. But think about the damage they'd prevent if they did catch an evil insider before your data was sold to a Russian mobster. Just consider them one more layer in the security onion.
John
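The "normal" versus "abnormal" comparison described in the comment above, as an added example that is not part of the original thread: a per-user baseline built from median and median absolute deviation (MAD), then scored against new events. The user names, volumes, the 6.0 threshold and the spread floor are all constructed assumptions.

```python
from collections import defaultdict
from statistics import median

# Constructed history of (user, action, volume): records per request for the
# authorization operator, bytes per email for the accountant.
HISTORY = [("auth_op", "auth_query", v) for v in (1, 3, 2, 1, 5, 2, 4, 1, 2, 3)] + [
    ("accountant", "email", v)
    for v in (12_000, 30_000, 8_000, 45_000, 20_000, 15_000, 25_000, 9_000)
]

# Constructed events to score against that baseline.
NEW_EVENTS = [
    ("auth_op", "auth_query", 3),
    ("auth_op", "auth_query", 10_000),      # bulk pull of authorization records
    ("accountant", "email", 22_000),
    ("accountant", "email", 10 * 1024**2),  # the 10MB attachment
    ("contractor", "auth_query", 1),        # user with no history at all
]

def build_baseline(history):
    """Per (user, action), keep the median volume and the median absolute deviation."""
    groups = defaultdict(list)
    for user, action, volume in history:
        groups[(user, action)].append(volume)
    baseline = {}
    for key, vols in groups.items():
        med = median(vols)
        baseline[key] = (med, median(abs(v - med) for v in vols))
    return baseline

def score(event, baseline, threshold=6.0):
    """Return (verdict, modified z-score); only upward deviations are flagged."""
    user, action, volume = event
    if (user, action) not in baseline:
        return ("no-baseline", None)  # nothing to compare against: review manually
    med, mad = baseline[(user, action)]
    # A MAD of 0 means a perfectly uniform history; floor the spread to avoid dividing by zero.
    spread = max(mad, 0.05 * med, 1.0)
    z = 0.6745 * (volume - med) / spread
    return ("anomaly" if z > threshold else "normal", round(z, 1))

def triage(events=NEW_EVENTS, history=HISTORY):
    baseline = build_baseline(history)
    return [(event, *score(event, baseline)) for event in events]

if __name__ == "__main__":
    for event, verdict, z in triage():
        print(f"{verdict:12} z={z} {event}")
```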
It's just a PR hit posing as a story. I'm surprised how often /. allows The Submarine to strike the front page as "news".
During the time the big viruses hit, oddly enough, it was when outsourcing became popular for IT staff. A lot of pissed-off unemployed IT guys and a lot of locations without local people to fix the problems create prime virus spreading.
If something is so important that you feel the need to post it on the internet... It probably isn't that important.