Cyber Security Mauritius (National Computer Board)

Fighting Threats


Who Is The Suspicious Insider?
 
Disgruntled technical staff members, both before and after termination, must be recognized as potential threats for insider IT sabotage. Data pertaining to fraud and information theft suggest that organizations must exercise some degree of caution with all employees. Current employees in practically any position have used legitimate system access to commit these types of crimes. (Of special note is that almost half of the employees who stole information while still employed had already accepted other job offers.) Unfortunately, there is no profile of an insider who poses a threat to an organization; the threat can be recognized based only on a combination of patterns of behavior and online activity.
 
Can Insiders Be Stopped?
 
Insiders can be stopped, but stopping them is complex. Insider attacks can be prevented only through a layered defense strategy consisting of policies, procedures, and technical controls. Therefore, management must pay close attention to many aspects of an organization, including its business policies and procedures, organizational culture, and technical environment. Managers must look beyond information technology to the organization’s overall business processes and the interplay between those processes and the technologies used.
 
Practices for Preventing Insider Attacks
 
CERT-MU can help counter the risks posed by insider threats. We have developed a series of precautionary measures that help contain and avoid these threats.
 
  • Practice 1: Institute periodic enterprise-wide risk assessments.
  • Practice 2: Institute periodic security awareness training for all employees.
  • Practice 3: Enforce separation of duties and least privilege.
  • Practice 4: Implement strict password and account-management policies and practices.
  • Practice 5: Log, monitor, and audit employee online actions.
  • Practice 6: Use extra caution with system administrators and privileged users.
  • Practice 7: Actively defend against malicious code.
  • Practice 8: Use layered defense against remote attacks.
  • Practice 9: Monitor and respond to suspicious or disruptive behavior.
  • Practice 10: Deactivate computer access following termination.
  • Practice 11: Collect and save data for use in investigations.
  • Practice 12: Implement secure backup and recovery processes.
  • Practice 13: Clearly document insider threat controls.
 
(Source: CERT Coordination Centre, United States)