Insider threats continue to be the most dangerous threat to any organization. They are threats to internal data and intellectual property, network performance and security, and even the health and safety of the workforce. The reality of this threat is exemplified by the FBI charging Joshua Schulte, a CIA engineer, as the individual behind the WikiLeaks Vault-7 leaks, and by the report of a Tesla employee allegedly sabotaging products and leaking intellectual property belonging to the company. Considering the seriousness of the insider threat, let’s take a look at who insiders are, what drives them, and how you can protect your company from them (to the extent possible).
The Insider Threat Profile
Insider threats fall into three categories. The most dangerous are your malicious insiders: those in your organization who are motivated to do some sort of harm, whether it be stealing money, leaking data, harming employees, or spying for countries or competitors. Fortunately, while they may do the most damage and be the most dangerous, these are relatively infrequent.
The most common insiders are your trusted, everyday employees, particularly in the cyber domain. Hackers know that your people are usually your weakest link. Not everyone knows how to identify a phishing email or how to browse the web securely. Sometimes, people just make a mistake. In 2017, Verizon reported that upwards of 66% of all data breaches are the result of phishing or related activities.
Offboarding employees are often your overlooked insider threat. Often, people leaving companies feel that the work they did is their intellectual property and that they should be able to take it with them to their new job to give them a leg up. Other times, someone may be leaving a company on bad terms and be both a physical security risk and a data loss risk.
Defending Against Insider Threats
So how do we protect ourselves from insiders? Well, first I would argue that you can never be fully protected from insider threats. A person with an agenda will often figure out how to achieve their end goal in some fashion if it is important enough to them. Other times, people simply make mistakes. However, the risk certainly can be lessened.
First, it starts with policies and enforcement. Policies will do little to dissuade a malicious insider, but they go a long way toward protecting you from your trusted employees and even some off-boarders. When staff are trained and policies are enforced through technology and monitoring, you decrease the likelihood that an employee will click that bad email or even take intellectual property they developed when they leave. I make the argument that the single most effective way to protect yourself against insider threats is through training.
Second, implement technical controls to protect yourself. Employing security monitoring and detection can alert you when data is being taken off the network, when there is unauthorized access to sensitive files, or when privileges are escalated. Additionally, implementing Data Loss Protection solutions can help prevent data from being removed from the network; these solutions also inventory and classify the data so that you know which data is most important and needs extra security.
Finally, we can’t forget about the physical security element of the insider threat. Having adequate physical security in place, ranging from ID badges and security cameras to building ingress/egress security, goes a long way toward both protecting data and securing your people.
As a final illustration, I have personal experience with insiders. One of my employees in 2013 is now the poster child of the Insider Threat: Edward Snowden. Edward stole over a million top-secret documents out of the National Security Agency and fled to Hong Kong and then to Russia. He gave many of those files to journalists who published them. This did massive damage to U.S. intelligence capabilities.
Protecting Your Company’s Data from the Insider Threat Webinar 6/26
If you are interested in learning more about the Insider Threat profile and how you can protect your company’s data from these types of threats, I will be covering this topic in an online webinar with our partner TIG on Tuesday, June 26 at 11:00 am PST. I will also speak to my personal experience with Edward Snowden and the lessons I learned from that event. You can register here.
About Security On-Demand
Security On-Demand is an industry pioneer and recognized innovator within the managed security space. We are leading the industry in threat detection through behavioral analytics and machine learning.