What is it?
A hostile action against an organization performed accidentally or maliciously by individual(s) who possess intimate knowledge of, and access to, a company’s infrastructure, security, and business processes.
Why is it important?
The term is important because insider threat is one of the main causes of data exfiltration – theft of data – affecting organizations today. Insider threats can cause grave damage to an organization’s finances and reputation.
Why does a business professional need to know this?
As organizations try to gain application and infrastructure efficiencies with cloud and virtualization technologies, they are flattening the network, eliminating system silos, and connecting systems company-wide. This has led to more and more people having broad, privileged access to company data and resources.
With increased access comes a greater potential for abuse, both malicious and accidental. Business professionals must ensure that proper security controls are in place to ensure that permissions are used appropriately.
Two critical security controls are training and employee monitoring:
- A robust security training and threat awareness program helps reduce the success of phishing and social engineering attacks by helping employees learn how to avoid accidentally releasing privileged user information to outside malicious actors.
- Behavioral monitoring software can track employee behavior on the network and detect actions that appear to be unauthorized, suspicious, or malicious. Such software can often prevent such activity in real time, by logging questionable activities and notifying the appropriate stakeholders of suspicious employee actions(Tynan 2011).
Insiders have different motivations, including financial, competitive, nationalist, or even simply a desire to cause mischief or chaos. Verizon’s Data Breach Digest describes a variety of case studies, including one where an insider stole more than 500,000 British pounds by manipulating a banking system to redirect money to offshore accounts(Verizon 2017a).
References
- (US DHS 2016) Insider Threat Tip Card: US Dept. of Homeland Security (2016). PDF. Best practices for addressing organizational, behavioral, and technical security issues and mitigating insider threats.
- (Wallbank 2017) Businesses warned of insider cyber threat: Wallbank, Paul (2017). Financial Review. Discussion of insider threats and how financial gain, revenge, and desire for recognition drive insiders to intentionally disclose sensitive or personal information or take malicious actions against the organizations for which they work.
- (Tynan 2011) IT admins gone wild: 5 rogues to watch out for: Tynan, Dan (2011). InfoWorld. Advice on how to detect rogue insiders and minimize the damage they can do.
- (Verizon 2017a) Data Breach Digest: Perspective is Reality: Verizon (2017). PDF. Statistics, metrics, and insight into the who, what, where, when, and how of data breaches and cybersecurity incidents. The case study titled
Partner Misuse -- the Indignant Mole,
is on page 24. - (Disley 2001) Exclusive: Poo listed on ham ingredients: Disley, Jan (2001). Real-world example of an insider intentionally altering the content of a luncheon meat product label.
- (Papenfuss 2017) Washing Instructions On U.S.-Made Bag Apologize For ‘Idiot’ President: Papenfuss, Mary (2017). Huffington Post. Real-world example of an insider intentionally altering the care instructions label on a handbag.
About Thomas Carey
Thomas Carey has over 12 years’ experience in information security practices, with a strong knowledge of both government and corporate security requirements. He currently works with Science Applications International Corporation (SAIC) as a chief software systems engineer. He holds the following certifications: Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), and Security+. He has experience in database administration, system administration, cloud, and virtualization technologies.
Term: Insider Threat
Email: thomascareyjr@gmail.com
Twitter: @doctomtomx2
LinkedIn: linkedin.com/in/thomascareyjr