Skip to main content

Combating the insider security threat

This article was originally published on Technology.Info.
As part of our continuing strategy for growth, ITProPortal has joined forces with Technology.Info to help us bring you the very best coverage we possibly can.

Insider security breaches are increasingly becoming part of the day-to-day reality for businesses, as a result forensics investigation is from the world of TV dramas and into the boardroom. Internal security risks (such as the theft of IP protected documents by employees moving to a rival company) are a growing issue, while cyber espionage (exploiting holes in organisations’ security) is estimated to cost the UK economy billions each year.


Verizon 2014 Data Breach Report

found that 14 per cent of all data breaches in businesses were linked to insiders. Even more worrying, Information Management firm Iron Mountain last year reported that 8 per cent of UK employees claimed that if they felt they had been poorly treated by an employer, they would have few qualms in taking revenge by stealing confidential or sensitive information.

It's a growing trend that has led my colleagues and I at the Open University to work closely with industry to incorporate brand new business-relevant forensics and information security modules into our recently launched

postgraduate qualifications in computing


Despite the impression given by popular US TV crime dramas, there’s far more to forensics in the business world than technical geniuses working with slick computers and gadgets. This misunderstood discipline is fast becoming a requirement for the ongoing integrity of any organisation, and therefore requires understanding and engagement from a number of areas of business operations.

While the latest digital tool kits can highlight weakness and identify current leaks, just as much can be achieved by implementing robust and well understood internal procedures, and only with the right legal understanding can businesses properly investigate, prosecute and claim against acts of insider theft thievery. However the reality is many organisations lack the basic understanding of the legal system in this area, and can initiate actions that can end up with them on the wrong side of the law.

Proving an employee had access to a certain file can be straightforward, but gathering and maintaining evidence that it was stolen without infringing on their employee rights is a difficult process. For example, untrained investigators will often assume that they are entitled to access and search employee emails for information, despite this being an illegal activity.

Add to this the complications thrown up by the introduction of new technological systems and processes like cloud storage and BYOD policies, and there’s a clear need to provide staff with comprehensive and up to date information on the limits of their investigative powers. Businesses must be in a position to readily call upon in-house employees with up-to-date skill sets who understand the legal landscape. Particularly if they want to avoid finding themselves in front of an employment tribunal to defend their actions.

Historically its been the technical experts who controlled the investigations. Today, these skilled employees should no longer be expected to reside purely within the technical parts of the business. The myriad legal ramifications and employee rights in this area means that the responsibility to understand, direct and control internal investigations lies as much in HR as it does in IT. With specific situations requiring individual interpretation and a great deal of context to be understood in these investigations, there is a need for a balance of skills from different sectors of an organisation. In developing our Forensics module, both of these audiences have been thought of.

The postgraduate programme has been specifically designed to develop relevant and recognised skills that employers want throughout their organisation. This means not just providing technical expertise around how to access and analyse employees’ digital trails, but also working within a legal context to ensure organisations remain within the law when addressing internal vulnerabilities.

Employees can often be the source of many of the vulnerabilities identified by digital forensics and security professionals. With the right knowledge and skills sets, however, they can also be part of the solution. Businesses operating across almost all industries can no longer consider themselves to be detached from cyber crime, which affects all organisations. Those that have the right policies in place, with skilled employees across the organisation ready to examine and act on new evidence with clear and informed judgement, will find themselves in the strongest position.

Dr Kevin Waugh is the Programme Director for Postgraduate Technologies& Computing at the Open University. He has just overseen the incorporation of the University's first business focused digital forensics modules into its brand new postgraduate Computing qualifications.