Companies spend a majority of their security budget on protecting from external attacks but one of the toughest and most insidious problems in information security is that of protecting against attacks from an insider.

Typically an insider is an employee of the company that has greater access to sensitive information, a better understanding of internal processes, and knowledge of high-value targets and potential weaknesses in security. Many insider attacks are detectable if the proper logging mechanisms have been defined and are appropriately segregated and secured from the production systems.

Some insider attacks are even preventable, but this may increase resource or manageability costs. However, it is impossible to prevent all attacks.

The first step in protecting a company’s assets from internal attacks is to identify and classify what those assets are and what controls are currently in place to protect those assets.

For example, if the most important asset is data, you need to know if it is electronic or physical, if it is on a server or a file cabinet, if it is accessed over the network or physically, who has access to it and what changes have been made.

After identifying the assets and all the means of accessing them, the company should determine who, within the company, has access to these assets. This list should be reviewed and re-evaluated against job roles to ensure that only those employees that actually need access to conduct their daily responsibilities continue to have access. For all other employees, regardless of rank or managerial influence, their access should be removed. Having change control mechanisms in place and tracking changes will also ensure only authorised transactions are happening.

The next step in the protection of internal assets is to assign information owners and information custodians. In order to protect you need to know what the areas of vulnerability regarding important assets are.

The areas of vulnerability range from network file shares, to legacy permissions and data portability. The best way to protect yourself from insider attacks is by securing the network file shares, securing the legacy permissions on internal assets and securing data portability.

At the end of the day, greater security comes at the cost of less availability. It will be up to executive management to decide how much risk they are willing to assume to keep business operating as usual.