Network security has been a prime focus for manufacturers and attendees alike at this year’s security conferences and trade shows. And the trend shows no signs of abating. Encrypted physical security devices, intrusion detection systems and infrastructure management services are just a few of the solutions presented as ways to help block an external party from accessing an organization’s internal systems.
Many of these solutions can only do so much because, unfortunately, the network openings that allow hackers to gain entry and infect the system overwhelmingly originate from trusted insiders. Regardless of whether the vulnerability was caused by rogue/former employees, unscrupulous contractors who have authorized access or even unintentional security breaches by well-meaning or careless staff, they are often the most costly and dangerous.
An insider threat deemed accidental is no less damaging however than a malicious (a motive to harm) or negligent (failure to abide by rules) violation. The Information Security Forum (ISF) reports that the vast majority of network openings were created innocently through accidental or inadvertent behavior by insiders without any intention of harming their employer. In fact, Verizon’s Data Breaches Incident Report states that accidental or inadvertent behavior accounted for almost 30 percent of the information security incidents in 2015. This reported statistic is similar to one from Forrester Research that shows the greatest volume of security breaches – 36 percent – come from ignorant or careless user actions that inadvertently cause security breaches.
While there are several options for addressing insider threats, many aspects of the problem can be mitigated with investment in tools such as key management systems that monitor and control the use of facility keys. Keys are held in a tamper-proof cabinet and access to the cabinets and to individual keys is controlled at all times, with every key being accounted for. All access activity is automatically recorded and email or text messages are sent to alert management of irregularities such as overdue keys or when a high security key is accessed.
These and other reporting features of the key inventory system help management in identifying unusual activities that may indicate an insider threat. For instance, the system records when an employee attempts to access a key they are not authorized to use or when a key is returned by an employee other than the employee who took it out. These activities are risk indicators that a key management system can identify and, when combined with data from the various other security and surveillance systems, the information can be analyzed and conclusions drawn so that necessary actions can be taken to prevent future occurrences.
Today’s key control and management systems have also been engineered with advanced technology to help prevent attacks on the system. Open protocols and partner certifications allow integration into broader security systems, including identity management, access control, and visitor control. Managed separately, they create unnecessary extra work for staff and leave open the potential for security vulnerabilities.
Advanced key inventory systems are also engineered with new security features that can protect the system from cyber breaches via the network. With the firewall enabled, all incoming traffic is ignored unless it is on the specific ports the system requires for network and server communication. Further, systems such as Morse Watchman’s key control and management systems are designed so that the data between the KeyWatcher® Touch and the KeyWatcher Touch Server can be encrypted with AES256 technology with a pre-shared key that is definable on a site by site basis. When networked, a firewall and AES256 encryption technology for data exchanged between the cabinet and the server help protect the system and the organization’s assets.
Key control for the enterprise is now safer, easier and better positioned to address insider threats with these advances.