Tuesday, January 24, 2012

HOW TO PREVENT INSIDER SABOTAGE IN YOUR COMPANY

All companies face risks to their businesses. Others succumb to them while others mitigate against these risks and prosper. There is however a soft underbelly for most companies. Their information and communication systems have emerged as critical vulnerabilities.

Preventing attacks to these systems is hard enough when faced with external attacks. Protecting an ICT system from an insider attack requires exceptional in-house ICT security capacity.

Stories abound of employees who have crippled companies through various activities. Sometime this year a disgruntled former employee of a pharmaceutical company in the US was charged with sabotaging the company’s IT infrastructure.

He had remotely logged into a hidden virtual server that he had created before he was dismissed. He used this server to take out all the company’s other servers for email, billing, stock control and others.

This is a nightmare scenario any Manager would want to avoid at all costs. How then can we protect ourselves against insider sabotage?

The first defense is separation of duties. This means having more than one person performing critical ICT tasks. It would therefore be difficult to commit fraud or sabotage the systems without collusion among the IT staff. It is advisable to augment separation of duties by implementing robust logging or monitoring systems that would record activity of critical systems.

Knowing who you are hiring to take care of your ICT systems is the second defense against internal sabotage. Doing background checks on potential employees is sensible.

If you hire a skilled database administrator who has a history of hacking, then you should be ready for the consequences when the inevitable hack happens. Employee vetting is a practice local firms should embrace as part of their hiring process.

Another line of defense is limiting the use of administrator accounts that are shared between IT staff. Administrator accounts are privileged user accounts that let the administrator make changes that affect other users. They can change security settings, install software, create email accounts and access all the files and systems in the company. A smart IT Manager will try and convince administrators that they don’t need keys to all the ‘digital gates’ in the company. This is because when a cyber crime happens it is usually the gatekeeper (administrator) who will be the early suspect.

Most incidences of ICT fraud and attacks are insider motivated. This threat should be addressed by all organizations that depend on ICT systems for their operations.

No comments: