Although the Department of Homeland Security and the televised news media would have you believe that hordes of foreign attackers and terrorists constantly prepare themselves for cyberwarfare, the reality is your greatest threat is currently occupying a cubicle inside your company. The majority of all computer security breaches are those launched by insiders taking advantage of their unrestrained access within the corporate network.
You might think these statements breed a certain amount of corporate paranoia, and they do. If you weren't paranoid, you wouldn't have network firewalls, antivirus and anti-spyware software, personal firewalls, or 12-character passwords on your accounts.
Potential Internal Security Risks
- Contractors and consultants
- Former employees
- Temporary employees
Your systems come with built-in paranoia in the form of logging and file permissions. Additionally, you should consider a third-party solution that goes beyond those system-level schemes. For example, user activity management (UAM) is one method that reduces theft and unauthorized dalliances. Sure, accidents occur. People make mistakes by typing in the wrong system name, attempting to hit the wrong database or inadvertently accessing a resource for which they have no access. No one has any interest in wasting resources tracking or pursuing those innocent "door knockers."
Read the rest at ServerWatch.