Joel Dolisy 01 September 2015

The insider threat

If you were to check the newspapers today you could almost guarantee there would be a story referencing or focusing on the latest high profile hack. Departments at all levels of government, from national right down to local councils, are bring breached and it’s not just data that is being compromised, but money is also being stolen.

This paints a picture of security threats emanating from cyber-gangs hacking into local council servers on the other side of the globe. But this isn’t necessarily the case. In fact, a recent survey from SolarWinds found that the biggest threats to the local councils aren’t coming from hackers but instead from council employees on the inside.

The survey found that 53% of IT respondents from local councils identified careless and untrained insiders as the biggest IT security threat in their department. These careless individuals are being considered as a bigger cyber security threat than a terrorist or a hacker for a variety of reasons.

Firstly IT departments have less control of employees since personal devices have become more frequently used in the workplace. There is also an increasing amount of pressure on IT pros to apply network configurations as quickly as possible rather than correctly. This is making local councils vulnerable as mistakes are being made by causing inaccurate network changes.

Lastly there is the issue of human error, when employees leave their laptop on the tube or lose their USB stick. Together all of these are contributing to an increase in potential insider threats.

However, there are three strategies that can help address the growing issue of insider threats:

Automate network configurations

A problem which the survey outlines is that network configuration is being carried out quickly as opposed to accurately by IT pros. This can lead to a variety of issues, the most problematic being that if a network isn’t configured properly employees can make unofficial and inaccurate network changes.

All local council IT pros are stretched, however if organisations considered automating the network configuration process the procedure could be carried out much more efficiently. The tool can perform scheduled network configuration backups, bulk change deployment for thousands of devices all with minimal input from the IT pro, freeing up valuable time. As well as limiting the concern over insider threats, these tools can also catch configuration errors and automatically notify the administrator of any compliance issues.

Know who is accessing the network

Over the last few years employees have started to use their own personal devices for work, which has added a great deal of risk to local councils. Losing a laptop or having a smartphone stolen out of a bag can lead to vast amounts of data being stolen which can prove catastrophic to the organisation if something is leaked or worse compromised.

The most efficient way to overcome this is to block unauthorised devices from accessing the network by creating a policy that allows the team to track and monitor devices, switches and ports. To ensure maximum security, develop a ‘whitelist’ of all the devices which are allowed to infiltrate the network and set up notifications if a device attempts to access the network that is not on that list.

Nonstop network monitoring

In an ideal world IT pro’s should be aware of everything that is happening on the network. That in itself is a huge task and next to impossible when the rest of the workload is factored in.

Having said that there is a shortcut which can guarantee every area of the network is monitored without taking up the time of the IT pro. This is by investing in a solution that can automatically monitor the network for any anomalies and alert administrators of any potential breaches, data leaks, unauthorised users, or suspicious activity. The IT pro can then focus their time on responding and addressing any problems the solution has flagged. It also allows the IT pro to pinpoint where the root of the problem is and identify the user who could be unintentionally compromising the network.

A few good examples of effective monitoring solutions include security information and event management (SIEM) and log and event management software. These solutions provide real-time feedback and alerts that give administrators information about any suspicious network activity.

Insider threats are slowly becoming a huge fear of local council IT teams. Whether they are intentional or not they can be incredibly dangerous and should be taken seriously.

Joel Dolisy, CIO, CTO SolarWinds

SIGN UP
For your free daily news bulletin
Highways jobs

Data, Monitoring and Citizen Science Officer

Durham County Council
Grade 10 £37,035 to £40,476 p.a. (Pay Award Pending)
We are looking for an organised and reliable individual to join our team here at the North Pennines National Landscape in Stanhope for a period of 15 Stanhope
Recuriter: Durham County Council

Enhanced Teaching Assistant

Durham County Council
£25,584 - £27,711 pro rata
Enhanced Teaching Assistant Grade 5, £25,584 - £27,711 pro rata 37 hours per week, Term Time only + 2 weeks Permanent     Required from 1st September Ferryhill
Recuriter: Durham County Council

Structures Commissioner

Derbyshire County Council
Grade 14 £53,166 - £59,080 per annum (Pay Award Pending)
We are seeking an experienced and strategic leader to join our team as the Structures Commissioner. Derbyshire
Recuriter: Derbyshire County Council

Rough Sleeper Outreach Officer - WMF2139e

Westmorland and Furness Council
£31,067 - £31,586
We have an excellent opportunity for a motivated candidate to apply for the role of Rough Sleeper Outreach Officer. Penrith, Cumbria
Recuriter: Westmorland and Furness Council

Customer Operations Assistant

Wyre Borough Council
£12.26 Per Hour
Marine Hall is a vibrant and dynamic venue dedicated to delivering exceptional experiences for our audiences and customers. Poulton-Le-Fylde, Lancashire
Recuriter: Wyre Borough Council
Linkedin Banner