Insider Threats Take Center Stage

Are insiders or outsiders the greatest IT threat to enterprise security? Lately, the pendulum seems to be swinging towards the insider threat.

June 29, 2013

The debate continues: Are insiders or outsiders the greatest IT threat to enterprise security? Lately, the pendulum seems to be swinging towards the insider threat around the globe.

Over the past decade, there has been constant debate among security professionals regarding this topic. Back in 2008, Bruce Schneier pointed out that outsider attacks are much more frequent, but insider attacks typically cause more damage. The current situation with Edward Snowden seems to support this perspective.

President Obama recently stepped up efforts to combat insider leaks of classified information within the federal government and associated contractors. Here’s an excerpt from a recent MSNBC article on this topic:

“… In addition to launching the Insider Threat Program, President Obama has prosecuted more alleged leakers than all other presidents in U.S. history combined. But the government’s response doesn’t even seem to have been particularly effective; two years after the launch Insider Threat Program, the NSA still failed to prevent Edward Snowden from leaking the details of PRISM.”

What is clear is that federal agencies have taken steps over the past two years to address the insider threat situation. Here are some of the related questions and answers from the Peace Corps and others regarding actions taken:

“… The Peace Corps takes very seriously the obligation to protect sensitive information and is working to implement Executive Order 13587 as directed by the President. The agency has identified a senior official to oversee classified information sharing, safeguarding efforts, and implementation of an insider threat detection and prevention program. The agency has conducted the required internal assessment, and a cross-departmental team of Peace Corps staff has been identified and trained to support the program. The Peace Corps is working in coordination with the National Insider Threat Task Force to ensure the security of classified networks and the responsible sharing and safeguarding of classified information.”

Two Newer Insider Threats

I wrote a piece last week for Chief Security Officer (CSO) Magazine describing two new insider threats to consider: the conscientious objector in your midst and wearable technology.

I think more public and private sector staff, who disagree with their company’s ethics, policies or procedures, will take unauthorized actions in the future. Or, employees will go public with management’s enforcement (or lack thereof) regarding security or privacy policies, rather than work through company-prescribed guidelines.

Another hot topic in the press right now is wearable technology from glasses to watches to gloves. While this new technology is getting a mixed greeting from privacy advocates, most experts see wearable technology as inevitable. But are enterprises ready? Will wearable technology become another aspect of bring your own device (BYOD) to work anytime soon?

Moving Forward

Dealing with insider threats has been hard for years. No one is exempt from dealing with our changing technological landscape or our own role in helping secure the enterprise.

Still, one key mitigation step is to adopt more transparency regarding company policies and the corresponding back-office behaviors of employees regarding security and privacy. New technology involving the use of “big data” makes this topic especially important as we move into 2014. Second, start a conversation with your employees. Work through issues the old-fashioned way – do lunch (or coffee). Take advantage of the innovative ideas and even concerns of your team members.

You can also implement Security Information and Event Management (SIEM) to help improve your log management and oversight of who is doing what on your networks – especially with critical and sensitive data. Using “double check” methods and having clearly identified controls and processes in place to enforce security are excellent ways to deter insider threats.

In conclusion, I wrote this blog over three years ago, which asks: Are you an insider threat? The problems of building trustworthy teams only seem to be getting more difficult in 2013. One friend asked, if NSA – with all of their technology, polygraphs, and background checks – has problems, what hope do we have?

I don’t have any simple answers for these new insider threat scenarios. But two final resources from the RSA conference and CERT.org may provide some ideas and further support on addressing insider threats.

Also, this website is a great resource: http://www.cert.org/insider_threat/

More on this insider threat topic later this summer…

What's your opinion: are insiders or external threats the greater IT risk right now?

Dan Lohrmann, Chief Security Officer & Chief Strategist at Security Mentor Inc.

Daniel J. Lohrmann is an internationally recognized cybersecurity leader, technologist, keynote speaker and author.

During his distinguished career, he has served global organizations in the public and private sectors in a variety of executive leadership capacities, receiving numerous national awards including: CSO of the Year, Public Official of the Year and Computerworld Premier 100 IT Leader.
Lohrmann led Michigan government’s cybersecurity and technology infrastructure teams from May 2002 to August 2014, including enterprisewide Chief Security Officer (CSO), Chief Technology Officer (CTO) and Chief Information Security Officer (CISO) roles in Michigan.

He currently serves as the Chief Security Officer (CSO) and Chief Strategist for Security Mentor Inc. He is leading the development and implementation of Security Mentor’s industry-leading cyber training, consulting and workshops for end users, managers and executives in the public and private sectors. He has advised senior leaders at the White House, National Governors Association (NGA), National Association of State CIOs (NASCIO), U.S. Department of Homeland Security (DHS), federal, state and local government agencies, Fortune 500 companies, small businesses and nonprofit institutions.

He has more than 30 years of experience in the computer industry, beginning his career with the National Security Agency. He worked for three years in England as a senior network engineer for Lockheed Martin (formerly Loral Aerospace) and for four years as a technical director for ManTech International in a US/UK military facility.

Lohrmann is the author of two books: Virtual Integrity: Faithfully Navigating the Brave New Web and BYOD for You: The Guide to Bring Your Own Device to Work. He has been a keynote speaker at global security and technology conferences from South Africa to Dubai and from Washington, D.C., to Moscow.

He holds a master's degree in computer science (CS) from Johns Hopkins University in Baltimore, and a bachelor's degree in CS from Valparaiso University in Indiana.

Follow Lohrmann on Twitter at: @govcso