Snowden. Target. Nordstrom’s. E-bay
High-profile insider and outsider attacks over the past year have made companies and Federal agencies more aware than ever of the risk to networks and data.
That doesn’t mean they’re prepared to stop attacks – it just means that they have a greater understanding of what can happen and what’s at stake.
Outsider threats remain a significant challenge – just look at all the recent news about the Chinese hackers of the PLA who relentlessly attack U.S. corporate networks for trade secrets. But in many ways insider threats represent an even more challenging, insidious problem.
We’ve long known about the PLA. But, insider attacks are launched by employees we don’t view as a threat. In fact, we trust them - until it’s too late.
So, as organizations embrace cloud computing and store greater amounts of data in a converged infrastructure, they need to be even more vigilant about protecting that data from insider threats.
Agencies and other organizations must ensure that they maintain a healthy security program to safeguard the three primary pathways that employees can gain access to networks:
It’s that final pathway that is most vulnerable to insider exploitation.
Agencies must also ensure that their IT shops are putting the most resilient controls possible in place.
That means using a few key solutions:
These are all things we are doing here at NetApp, and there’s much more information on our web site.
We will also cover this issue in depth at the June 18 Cyber Security Brainstorm, where I will moderate the Insider Threats panel discussion. The panel will include Michael Buckley, Counterintelligence Chief at the Defense Security Service; Philip Quade, Chief Operating Officer of the Information Assurance Directorate at the National Security Agency and Grant Schneider, Chief Information Officer at the Defense Intelligence Agency.
Agencies need to do all they can to prevent from becoming the next cyber casualty.
Lee Vorthman, Chief Technology Officer, Federal Civilian Agencies, NetApp