In a climate of security fear, don’t forget the enemy within

A conversation with Pat Devlin, WatchGuard

Headlines may tend to highlight the climate of fear around the ever-present threat from hackers – but are you aware that the biggest threat to your company’s information security might actually come from your own employees?

That’s not to say that they necessarily mean to compromise your corporate security, WatchGuard ANZ regional director Pat Devlin says – but simply that the explosion of mobile apps, cloud-based applications, and bring your own device (BYOD) policies is introducing complex new weaknesses that can easily create weak points in any organisation’s security defences.

“People tend to be very focused on what the likes of Anonymous and malware authors are doing,” Devlin explains, “but in the vast majority of cases we deal with, the higher percentage of breaches are happening because people are – inadvertently or deliberately – doing something from inside the network that’s either opening their environment up to an attack, or accidentally sending the wrong data out.”

Much of the exposure comes from increasingly insecure mobile apps. The sheer volume of new apps produced every day means that app stores are being plagued with software that can easily abuse built-in software privileges to siphon off sensitive information from otherwise well-meaning employees.

“Everyone wants to bring every device to work, but not every device has the same sort of walled garden philosophy that Apple have,” Devlin says, noting the harm caused by fake offerings such as the LinkedIn lookalike app that was simply designed to steal users’ LinkedIn credentials.

Other fake apps have been pushed for popular services such as Instagram and Skype, and new variants continue to be published in the hope of spreading malware to the devices of unsuspecting mobile users.

“This kind of thing is absolutely rife in app communities, and it’s very difficult for the average user to tell a legitimate from a suspicious app,” Devlin continues. “The service providers do a fair bit of vetting on their software, but it’s impossible to vet all apps down to the finest detail. And if I’m allowing people to store critical data or use various methods to navigate around company resources, it can easily be something I can’t control or affect.”

Many companies only seek help once they find out they’ve been hit with malware – and in a growing number of cases, this is happening because an employee inadvertently gave a high level of access to an app that they shouldn’t have been using.

Such events are prompting Devlin, like many others in the security community, to promote the importance of user education and policies to complement technological defences that are proving far too readily circumvented by careless users.

User education has often been poorly handled in the past, and has become difficult because malware authors have become so good at deceiving users. For this reason, Devlin recommends that companies seek to educate users by outlining exactly what users can and can’t do in the context of company security policy.

For example, companies concerned about data leakage may not want employees to forward work emails to their home email addresses, which may be hosted on insecure messaging systems. This should be addressed with “a strong policy that’s in plain English,” Devlin says.

“If you had a lawyer write it up, it might well be unintelligible and threatening. There’s a big disconnect between what policy is written, and what it’s trying to achieve.”

Technology may not be able to compensate completely for the inexperience of users, but it’s nonetheless an important tool in the fight to retain control over networks being riven by security vulnerabilities.

Modern unified threat management (UTM) platforms can monitor incoming and outgoing traffic to detect anomalous behaviour and botnet command-and-control signals. WatchGuard’s latest security appliance, for example, can apply rules-based filtering to multiple 10Gbps data streams in real time – giving companies a powerful tool in the quest to keep control of their corporate data.

This unified approach requires the technological consistency that has eluded companies cherry-picking best-of-breed security solutions, which end up with many different solutions that don’t interoperate and can therefore readily miss the more subtle signs of malware infiltration.

To effectively deal with the new threats of BYOD, the components of such fragmented security infrastructure must be unified to ensure that anomalous behaviour isn’t lost in the incompatibilities between systems. “More and more, as you get access from anywhere, it’s very difficult to protect users in any way,” Devlin explains.

“The one thing that’s consistent is that [malware traffic] has to go out on the network somewhere. We’ve invested heavily in the gateway space for both connection AND content filtering. To examine content we are able to fingerprint data and understand how it moves around the network. Making it simple, keeping it easy to manage and putting it all in one place is the only way you’re going to get consistency across all ingress and egress points – and that’s the only way to stay safe.”
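The two gateway checks Devlin describes above, connection filtering against known command-and-control destinations and content filtering by fingerprinting sensitive data, can be sketched as follows. This is an added illustration, not WatchGuard code; the documents, blocklist entries and egress events are all constructed placeholders.

```python
import hashlib
from dataclasses import dataclass

# Constructed sample documents to fingerprint (not real corporate data).
SENSITIVE_DOCS = {
    "q3_board_pack.pdf": b"CONFIDENTIAL board pack Q3 (constructed sample)",
    "customer_list.csv": b"id,name,email\n1,Alice,alice@example.test\n",
}

# Placeholder C2 destinations, constructed for this example; not real indicators.
C2_BLOCKLIST = {"c2-placeholder.example", "198.51.100.23"}


def fingerprint(data: bytes) -> str:
    """Content fingerprint: SHA-256 of the exact bytes (exact-match DLP)."""
    return hashlib.sha256(data).hexdigest()


FINGERPRINTS = {fingerprint(body): name for name, body in SENSITIVE_DOCS.items()}


@dataclass
class EgressEvent:
    src: str      # internal host that opened the connection
    dst: str      # destination host or IP
    payload: bytes  # outbound content seen at the gateway


def inspect(event: EgressEvent) -> list[str]:
    """Run connection and content filtering on one outbound flow.
    Returns the alert reasons; an empty list means the flow looked clean."""
    alerts = []
    if event.dst in C2_BLOCKLIST:  # connection filter
        alerts.append(f"connection: {event.src} -> {event.dst} matches C2 blocklist")
    digest = fingerprint(event.payload)  # content filter
    if digest in FINGERPRINTS:
        alerts.append(f"content: {event.src} sent {FINGERPRINTS[digest]} to {event.dst}")
    return alerts


# Constructed egress log: a beacon, a data leak and a benign fetch.
SAMPLE_EVENTS = [
    EgressEvent("10.0.1.15", "c2-placeholder.example", b"beacon"),
    EgressEvent("10.0.1.22", "mail.example.net", SENSITIVE_DOCS["customer_list.csv"]),
    EgressEvent("10.0.1.30", "cdn.example.org", b"GET /logo.png"),
]


def run(events=SAMPLE_EVENTS) -> list[str]:
    """Apply inspect() to every event and collect the alerts in order."""
    return [alert for event in events for alert in inspect(event)]


if __name__ == "__main__":
    for line in run():
        print(line)
```

Exact-hash fingerprinting only catches files that leave unmodified; real DLP products also use partial-match techniques, which this sketch leaves out.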
