Insider Threat: it’s one of the biggest and most persistent issues in cybersecurity. High-profile cases – Manning, Snowden, and others – have kept the issue in the public eye; government security personnel are rightfully concerned. In addition to the willfully malicious, though, many insiders lack ill intent, but pose a threat just the same.
Perhaps the most common type insider threat is the careless user, with users who click on phishing e-mails leading the parade. I have blogged before on the psychology of the typical “victim” of phishing attacks, but there are many other types of carelessness as well: using laptops on public WiFi with no protection; losing laptops or USB drives; letting others, perhaps children, use a work computer. These may not be the actions of a malicious employee, but they can expose an organization to compromise just as surely as someone with a nefarious motivation.
Another class of threatening insider is the honest employee who purposefully skirts security measures because they see them as impediments to their work. They see themselves as virtuous: find the most efficient way to do their job, justifying their flouting of the rules by a commitment to good intentions.
Finally, we have the truly illicit insider, acting with no positive intent, and with full knowledge of the illegality of their actions. I personally gathered evidence on two such insiders, and I’m proud to say this evidence helped to convict them.
Detecting insider threats is a mixture of psychology and technology. There are many approaches, depending on an agency’s specific needs. Targeted user training can help diminish the phishing threat, machine-learning systems can detect anomalous behavior, data-loss prevention (DLP) systems can spot data going where it should not, and a commitment to the “Zero Trust” may help to create a more security-conscious culture.