Insider threats are increasingly on our radar, we saw a recent example in Australia with an Bluescope Steel employee taking out company documents. Also two scientists at Glaxo Smith Kline research scientists in another well publicised incident- Yu Xue and Lucy Xi, were charged with stealing trade secrets.
Now in the murky shadow of wikileaks, we have if you like ‘a whistleblower on whistleblowers’. A new insider threat program is to identify these malicious individuals has been created by Obama administration’s USA Office of National Intelligence, noted that:
“An insider threat arises when a person with authorized access to U.S. Government resources… uses that access to harm the security of the United States. Malicious insiders can inflict incalculable damage. They enable the enemy to plant boots behind our lines and can compromise our nation's most important endeavours.”
This is not something that can be opted out from and you have no choice in this matter. In the USA, there are around 100,000 military, civilians and contractors that are under such surveillance.
In scope is total surveillance of US personnel that have specific access to classified information; and includes electronic emails, messages and communications (using what is referred to as ‘push and pull’ approaches)
The reality is that this approach is about monitoring electronic behaviour both on the job as well as off the job to detect potential threats. Indeed the US government is taking insider threats seriously.
Both the FBI and Department of Homeland Security agree that so called ‘insider threats’ have increased and pose a serious risk.
This level of surveillance will capture both the accidental and malicious.
An ‘accidental insider’ is those targeted by adversaries such as a spear phishing attack from a known source or friendly source. In the main such insiders are unaware that there is potential or actual risk.
On the other hand, ‘malicious insiders’ are individuals who set out to deliberately cause harm; they realise that their actions can cause real damage.
Clearly having an Insider Threat program will always be ultra sensitive. Most enterprises have some level of this monitoring that is underway. There are various tools that both monitor and prevent information leakage.
What is clear though is that often such reporting goes to someone is HR or even worse a member of IT. It is not that you that trust is an issue, but instead they (HR and IT) may have no idea what files are actually acceptable to be shared outside.
‘Best practice’ that I have seen is where the technology, process and people all intersect and a supervisor gets a notification of what files their staff members have copied etc.
Most enterprises also do not have a budget for insider threats and this also works against this being taken seriously. Instead we have to approach this problem with a mindset that ‘insider threat’ either innocent or malicious is a near certainty.
Taking that approach means we have to be always on the lookout to detect such patterns and don’t wait for an issue to occur.
Against the HR grain
This also means that we proactively monitor our staff at the same time that we impeach empowerment and giving authority to teams. There are also modern day work pressures that work is no longer just performed in the office, sending a file to one’s home email address may be innocent but can’t be allowed in today’s world.
A recent Harvard article talked about “how most of us think about trust as a black and white decision”.
“We trust you or we don’t. In business relationships, trust is rarely so clear cut…… rather than black or white, a better approach is to think of trust more like a barometer. Trust goes up and down depending on the circumstances”
Unfortunately it is not good enough to use your natural tendency and base trust on gut reaction. We all need to look at putting an Insider Threat program and specifically a Continous Monitoring approach.
Take this 5 minute survey on The State of Cloud Storage & Collaboration 2016 and go in the draw to win a $500 Visa credit card.