If you’re worried about the risk of insider threats, you’re not alone. They can affect anyone, even the FBI. A federal grand jury has just charged a former intelligence analyst with stealing confidential files from 2004 to 2017. That’s an incredible 13 years of “What are you doing with that pile of classified material?” It is even more striking considering the indictment states the defendant did not “…have a ‘need to know’ in most, if not all, of the information contained in those materials”.
There are lots of ways this kind of data collection and retention could go wrong. What happens if the person hoarding the documents decides to sell to the highest bidder? Or even just starts giving it away to specific entities? Could it all be digital? What happens when a random third party compromises the PC / storage the files are located on?
How about a plain old burglary, with unsuspecting thieves swiping an inconspicuous-looking external hard drive?
However you look at it, this is not a great situation for those files to be in.
The safe zone is compromised
Organisations have multiple problems dealing with the issue of insider threats. They feel more comfortable locking down their data from outside entities. Mapping out ways to keep the soft underbelly of the organisation protected from its own employees is more difficult.
This makes sense. It’s frankly overwhelming for many businesses to figure out where to even begin. How many physical security experts do people know? What about social engineers? Hardware lockdown specialists? The IT department should know their way around firewall configuration. However, there may be weak spots in auditing folks with privileged IT access.
Is there someone at a business who has an idea that printer security is even a thing? If not, that could spell trouble.
Anyone can be a security risk
There are many forms of insider threat, which we’ve explored in great detail. They differ greatly, and their motivations can differ considerably from individual to individual. If you’ve never considered the difference between intentional and unintentional insiders, and all the different varieties thereof, then now is a great time to start.
If your approach is simply “a bad person wants to steal my files”, any potential defences likely won’t contain enough nuance to be sufficient in the first place. It’s a big, complicated problem. There are lots of moving parts. It needs the same level of thought and attention given to other areas of business security.
Some additional reading
This FBI insider threat story is quite timely, given how much attention the subject has been receiving recently. Some additional reading for your consideration:
- Don’t make headlines over an insider incident: A good piece which digs into the potential costs of insider mishaps, complete with a report looking at where to focus on possible areas of attack.
- It’s time to prepare for a rise in insider threats: Focuses on maximising budgets, and tackling ways to more quickly identify when data is ending up in places it shouldn’t be.
- Insider threat fundamentals and mitigation techniques: Digs into “usual suspects and red flags”, including employees who don’t follow best practices and unwittingly aid an attacker. Also includes a link to an FBI article which explains how to detect and deter insider spies.
- Defend against insider threats from remote workers: The pandemic has made businesses think differently about unexplored angles of insider threats.
- “More than half of U.S. companies hit with privileged credential theft, insider threats last year”: A piece of research reveals some worrying findings in relation to how cybercriminals are accessing sensitive data.
This is hopefully just the splash of light reading material required to get you up to speed on this insidious form of data exfiltration.