With a faltering economy resulting in increased jobs cuts and corporate belt tightening, security analysts are warning companies to be especially vigilant about protecting their data and networks against disgruntled employees.
As it is, one of the biggest threats to corporate data and systems traditionally has come from insiders, who with their privileged access to data and systems, have the potential ability do more accidental or malicious damage than even the outside attacker.
That threat greatly increases at times when companies are laying off staff, cutting back on raises and bonuses, deferring promotions, consolidating operations and outsourcing work to save money.
"All of these increase risk for the company from an insider perspective," said Shelley Kirkpatrick, director of assessment services at Management Concepts, a management consultancy.
Tough economic times create uncertainty in the workplace, she said. Employees for instance, can be worried about losing jobs and promotions, concerned about financial liabilities, mortgages and rising energy costs. "When there is uncertainty, it creates stress for employees. It makes the company more vulnerable" to threats, said Kirkpatrick, who was previously a behavioral threat assessment researcher at the Homeland Security Institute.
The threats can manifest themselves in a number of ways. Insiders with access to corporate information, such as customer data or corporate secrets, might want to steal or disclose it for financial gain or simply to get back at their companies. Those with technical-savvy might seek to sabotage corporate data and systems by planting malicious code and so-called logic bombs that are designed to delete data at a future date on critical systems.
The danger is not confined to such actions alone. Stressed, unhappy workers make easy targets for opportunistic rivals as well, Kirkpatrick said. "If I am a competitor looking for a good opportunity to get trade secrets out of my competition, I am going to go after the people who may be stressed emotionally," she said.
Examples of insider sabotage
The damage that insiders with privileged access can do should not be underestimated as several incidents in the past show, analysts said. In July, for instance, a disgruntled administrator for the city of San Francisco locked access to a critical network by resetting administrative passwords to its switches and routers and then refusing to divulge them to officials for days.
Read up on the latest ideas and technologies from companies that sell hardware, software and services. Simplify, Integrate and Secure: Providing Secure Access to Server-based Information and Resources Across Platforms
Delivering the Power of Choice with Microsoft Dynamics CRM
Australian Unity minimizes costs and maximizes productivity with single sign-on for 1,400 users
Discover the advantages of an open architecture multi-vendor network solution
Simplify and Secure: Managing User Identities Throughout their Lifecycles
Refresh your AUP: Top tips to ensure your acceptable use policy is fit for purpose
Simplify, Integrate and Safeguard Your Business with Secure Web Business Enablement
Still Sneaking In: The Threats Your Security Tools Aren't Telling You About
Zones provide focussed content from Computerworld and leading technology partners.
Security Management
Protect your critical IT assets, achieve sustainable regulatory compliance, reduce IT administration costs and enable new business opportunities with our IT security solutions.
IT Security as a business enabler?
Download Whitepaper
|
Success Stories
Australian Unity minimises costs and maximises productivity with single sign-on for 1,400 users
Australian Unity needed to address its business and security risks including user management and application security management. The company chose an enterprise single sign-on (ESSO) solution and discovered increased employee productivity, reduced help desk costs and elevated data protection.
Download the full Success Story
BT saves more than £15 million and improves customer services with comprehensive Identity & Access Management
To enable future growth and ensure its services remain competitive, BT needed to build closer relationships with its customers and suppliers. Discover how the company is now performing over 36 million transactions a day with their improved Identity & Access Management Solution.
Download the full Success Story
Identity & Access Management
Simplify and Secure: Managing User Identities Throughout their Lifecycles
Organisations are constantly challenged to keep pace with ongoing changes to users and their roles, responsibilities and requirements. Discover how CA can help you create a unified approach for managing users identities, providing them with timely and appropriate access to applications and information.
Download Whitepaper
Simplify, Integrate and Safeguard Your Business with Secure Web Business Enablement
Modern organisations are required to aggressively expand the number and type of Web applications and services provided to customers, partners and employees. Discover how to automate, delegate and centralise your key processes and services including user administration, access policies, auditing and compliance by reading on.
Download Whitepaper
Simplify, Integrate and Secure: Providing Secure Access to Server-based Information and Resources Across Platforms
Distributed servers are a powerful asset in any company’s infrastructure. Over time, most organisations have acquired a variety of different platforms and are relying on them to house an increased amount of critical applications, processes and data. Read on to discover how you can achieve a consistently higher level of server access security across multiple platforms including virtual hosts and guest operating systems.
Download Whitepaper
Buying Guides
Buying Guides
