Taking Control of Insider Threats
By John H. Rogers, CISSP
When we think of cyber threats and cyber-attacks, most of us picture outsiders: external actors with no connection to us other than through a criminal act. Yet industry statistics consistently attribute a high percentage of cybersecurity incidents to insider actions. The insider threat is one of the most unsavory because it so often involves the people we work with; it can be a breach of a trust relationship, which is hard to deal with.
Any attack inside your perimeter can be considered an insider threat, including:
- Intentional abuse of access;
- Misuse of privilege; and
- Inadvertent compromise.
Insider does not necessarily mean employee. It is anyone who has access to your internal network, including service providers and contractors. Snowden was a contractor. The HVAC vendor whose staff facilitated the Target breach by clicking on a link in a phishing email was considered an insider.
There are two types of insider threats. The first is the unwitting insider, or inadvertent actor: someone who is unaware of the risk and falls victim to common social engineering tactics such as phishing, vendor spoofing, or pretexting. People are typically the weakest link in security because human nature makes us vulnerable.
The second type is the active insider threat, which is malicious in nature and is typically perpetrated by disgruntled, troubled, or simply greedy insiders. Hackers actively advertise for employees of specific companies to join the dark side. Desperate people can do desperate things, and good people can do bad things.
The good news is that there are things you can do to deter, and in some cases prevent, insiders from compromising your network. How you run your organization, and your culture, are important factors.
John Rogers spoke on Taking Control of Insider Threats at the MaHIMA Fall Meeting. He discussed how to identify malicious insiders, tactics to help avoid compromise, and tips to detect and respond to insider threats.
John H. Rogers, CISSP, is the Manager of Professional Services at Sage Data Security of Portland, ME, and an information security professional since 2002. John has worked with organizations of all sizes, in private and public sectors, to create, manage, and oversee comprehensive and effective cybersecurity programs. John endeavors to educate people at all organizational levels about their role in protecting sensitive information, customers, coworkers, and their communities, by promoting Cybersecurity Culture in their workplaces.