Wikileaks cybersecurity saga shows importance of insider threats

1 min read

The latest Wikileaks saga, in which confidential US diplomatic cables have been published online and in much of the world's media, is an extreme example of what happens when insider security is ignored.

So says Amichai Shulman, chief technology officer of data security specialist Imperva. He warns that organisations of all sizes are too preoccupied with defending against external attacks on their digital data assets, and are ignoring the internal security threat issue. "Yes, there are hackers out there, but IT history has shown that the rogue employee is also a threat. The banking community is now starting to take action to protect its assets, but organisations have a long way to go before they can truly tackle the very real risks that insider threats pose to their reputation and integrity," he insists. Shulman believes that the most noticeable sign of problems for the US should have been "the easily observable intensive access to multiple documents by an authorised user". He concedes that it is very difficult today for organisations to control access to files at an individual level – particularly with collaborative behaviour being encouraged. However, he suggests that, as well as controlling and monitoring individual access to specific files, based on contents, companies need also to monitor employee behaviour with respect to files in general. "Any user retrieving large numbers of documents a day should raise an alert on a good business IT security system. This presumes, of course, that the organisation is not preoccupied with conventional security and has ignored the abuse of data access privileges," says Shulman. "Organisations need to wake up to the complexities of internal threats, rather than simply relying on conventional IT security systems," he warns.