The Rise of Hacktivism and Insiders 4: Mitigating the Risks

Security software, appropriate corporate policies and staff education are highlighted by Andrew Horbury as mitigations for insider and hacktivist risks.

Mitigation constituents


What can you do about it? Well, you can never entirely eliminate the risks from hacktivists and insiders, but you can certainly mitigate them by enhancing your security. This doesn’t mean stocking up on every piece of security software on those firms – it requires a considered approach to the risks, where cost-effective security software only plays a part. So, let’s look at these in order. Taking security, the first step is to assume that you are a target. Small size and relative anonymity, as we’ve seen, are really not defenses. Hacktivists can use a website to disguise their actions and attack larger, more valuable targets. And insider attacks occur at businesses of all sizes and sectors.

Clearly then, antivirus on its own is not enough – you need to deploy a range of security software to protect your employees and your information. You need best-fit cost-efficient software that both protects and enables business rather than constricting it. Your employees should be able to work securely without fear that they might be endangering the business, and this means regularly updated endpoint protection to stay protected from the latest malware; SSL encryption to protect data at rest and in transit; a secure regular backup and recovery system to prevent data loss and exfiltration; proper access and permission controls; and mail and web security, including regular malware and vulnerability scans to protect your website and keep your employees safe online.

But security means more than just software. You need to anticipate potential issues and be proactive about managing disruptive and disgruntled employees. It’s worth considering having documented working place policies that clearly state the company’s position on things like salary increments and promotions, working hours, workplace behavior and so on and so forth. And when you consider an increasingly mobile workforce, it’s particularly important, with more and more employees working remotely, that they know that the culture and the policies that make up the company still apply when they’re working far away from the home base. You also need to ensure that the cases of retiring and departing employees are completely closed, that they hand back any computer equipment, laptops, mobile phones, any other devices are collected, making sure that over the course of the exit from the company there hasn’t been any kind of data leakage and that they all are given the opportunity to have an exit interview to talk for any issues that they may have before they leave the organization.


Considering that the majority of insider attacks are instigated and started by disgruntled employees and those about to leave, it helps to have a supportive and open company culture. Within reason, allow your employees to work where and when it suits them. Give your employees the opportunity to talk or to suggest improvements to business processes, to become engaged to the workplace. And invite them to talk for any issues they’re having. Any possible resentment or issues that might start thriving inside the company should be ceased as soon as they are discovered.

Educating your staff about data protection and the threats posed by hacktivists and insiders is also an essential part when we’re looking at defense. Make sure your employees know what data is okay to share and take home, and perhaps also consider employing mobile device management software to secure mobile devices, detect applications that can share data between one another, and also have home and work applications, not allowing them to transfer data between the two, and also have the ability to remotely wipe the information should it fall into the wrong hands.

You also should consider having periodic security training sessions for your employees to make sure that they’re up to speed for all of the business and security software that you use, that they know how to stay safe online and how to protect and securely store the data, particularly in cloud applications. This means the very obvious: using strong passwords with special characters and capital letters and numbers; not visiting suspicious websites; not opening unusual emails, particularly ones that look too good to be true and which may contain a malicious PDF or links to what appears to be a normal invoice, but is actually to a malicious website; and not downloading or installing applications if you don’t recognize the source or perhaps it’s not signed by a reputable code signing body. You may also need to make employees aware of the danger of insider and hacktivist attacks, and the associated risks of social engineering so that they can spot and report suspicious activity and avoid inadvertently creating vulnerabilities. Cyber attacks and their perpetrators are unpredictable and constantly evolving, but being aware of the risks and taking these first steps can help to give you the edge.

Helpful links to stay informed


That almost brings me to the end of this webinar. I hope I’ve given you a good introduction into understanding of hacktivists and insiders. On the slide you can see a number of links where you can go and find out some more information. You can follow us on Twitter; the Threat Intelligence team, particularly, tweets a lot about vulnerabilities, malware and virus attacks, attack vectors, and a lot of the information that I’ve covered has been sourced from this particular team. You can follow me on Twitter – @andyhorbury. You can also download the Internet Security Threat Report, which I referred to a little bit earlier, at www.symantec.com/threatreport. We’ve also got a white paper resource site where you can download any kind of documents including the Website Security Threat Report, various technical white papers on things like forward secrecy. If you go to www.symantec-wss.com you can download all of that information there. We also frequently blog about lots of different issues, and you can read that at www.symantec.com/connect/blogs/website-security-solutions.

So, I’d like to say thank you – it’s been my absolute pleasure to present today, and if you want to contact me with any questions, here’s my email address: andy_horbury@symantec.com. Thanks and have a great day!

Read previous: The Rise of Hacktivism and Insiders 3: Profile of a Culprit
