Last week’s blog discussed two of the four levels of insider threat. I wrote about pure insider threat and insider associate levels. This week, I will discuss the other two levels of insider threat – insider affiliate and outside affiliate – and go over how they differ. Remember, understanding these various levels can assist your organization in its efforts to implement the proper security controls.
To recap last week’s first two levels of insider threat, pure insider threat is an employee who has all the rights and access associated with being an employee and is the most dangerous level as they can cause the most damage based on their access. Also from last week’s blog is the insider associate level. These are individuals such as contractors, cleaning crew, or security guards who have limited authorized access to your organization’s facility or network, which gives them contact with important company information.
The last two levels of insider threat are insider affiliate and outside affiliate.
An insider affiliate is a spouse, child, friend or client of an employee who uses an employee’s credentials to gain access. This can be as simple as a client coming to visit an employee and obtaining a badge that gives that person access to the facility. If the person goes to use the rest room and on the way wanders around looking at what is on people’s desks or computers, he/she could glean some sensitive information.
To prevent insider affiliate threats, the best measure is to implement policies and procedures that will control affiliate activities. Once these policies are in place, they should be explained to employees, and employees should be required to sign off that they understand them. Never assume that employees will always do the right thing. Improper behavior may not be intentional, but it can still be devastating.
Outside affiliates are non-trusted outsiders who use open access, such as wireless service, to gain access to a company’s resources. If the company happens to have an unprotected access point, and the outside affiliate is sitting across the street at a coffee shop, he/she could connect to the company’s wireless connection. Although this may seem obvious, many companies still overlook this threat.
To protect against the outside affiliate threat, a company needs to ensure it has proper access controls in place for all types of access, including virtual and physical.
The key thing to remember when dealing with these four types of insider threat is that they have access and in most cases will exploit the weakest link that gives them the greatest chance of access to your sensitive information, while minimizing the chances of being caught. It is the company’s job to ensure proper controls are in place to minimize these threats.
Cole, E., and Ring, S. (2006). Insider threat, protecting the enterprise from sabotage, spying and theft. Rockland: Syngress.