October 7, 2016 | Security and Risk | Lauren Horaist
Just three short years after NSA contractor Edward Snowden brought insider threats to the forefront, the agency has once again made headlines. News broke this week that a former NSA contractor—employed by the consulting firm Booz Allen—was recently arrested and is being investigated by the FBI for potentially stealing top-secret computer code used to hack into foreign government networks. The New York Times has full details.
Despite significant increases in cyber security awareness, as well as new rules detailed in the National Industrial Program Security Operating Manual (NISPOM) that charge contractors to establish programs to identify personality indicators of malicious insider threats, government agencies and private sector organizations alike haven’t learned their lessons and are failing to employ security basics designed to unmask insider threats.
Though malicious insiders account for fewer incidents than unintentional insiders, malicious inside attacks are the most difficult to detect and carry the highest costs when compared to other non-malicious breach types. It makes sense—your trusted employees don’t fit the “typical profile” of an attacker, so they can often operate stealthily under the radar for long periods of time.
Third-party contractors add another layer of complexity: Because they are not fully controlled and managed by your organization, it can be especially difficult to secure all of these users and their endpoints. For example, external users can easily share privileged account credentials used to access sensitive information, or technology vendors can embed privileged accounts in the systems they manufacture—all without your knowledge or permission.
Why Insiders “Go Rogue”
When it comes to malicious insiders, there a few common motivations that are seen across a wide variety of attackers. Many malicious insiders are simply frustrated or angry; they often feel as if their employer or manager has done something wrong. Others are motivated by financial reasons. Others are similar to hacktivists, in that they are motivated by political and personal beliefs. Still others may be influenced by an outside party, such as a crime ring or nation-state that is using blackmail to coerce behavior.
To effectively protect against both malicious and non-malicious insider threats, organizations must first understand what the insider threat truly is. Our new eBook, The Danger Within: Unmasking Insider Threats, outlines the who, what, why and how of the insider threat to expose risks you may not be considering, and provides guidance to help prevent and detect these potentially damaging and costly attacks.