| Summary: | <p> Corporations try to defend themselves against outsider threats, but insider threats can be just as devastating. Insiders have an understanding of their organization’s critical assets, physical access to computers, and more privileges than their outside counterparts. This paper will outline three different areas of accessibility issues that insiders can take advantage of in order to leak sensitive information; exfiltration methods, encryption, and corporate considerations of best practices. Data exfiltration focuses on the different techniques that insiders can use to transfer sensitive information. The research outlines how exfiltration has evolved into more sophisticated techniques, but concludes that rudimentary methods associated with external storage devices are still prominently used. Data encryption, if applied properly, can protect sensitive information from unauthorized access, but also creates problems that corporations will have to address. Work productivity can be halted by encryption techniques, causing employees to bypass these systems. Historical cyber attacks show that managing encryption keys are equally important as managing encrypted data, but encryption can still be dismantled through brute force attacks. Corporations will have to make decisions on which best practice methods to choose from in order to defend themselves against insider attacks. Some of these considerations include: risk assessments, employee training, monitoring, password management, data management, and BYOD considerations. Improper utilization of these practices can allow information to be stolen by insiders, but if applied properly, can mitigate the accessibility of insiders. Keywords: insider threats; data exfiltration; Cybersecurity; Professor Christopher Riddell; encryption.</p>
|
|---|
