Insider threats pose major cybersecurity exposure

Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInEmail this to someonePrint this page

In the realm of cyber­se­cu­ri­ty, the name Edward Snow­den is syn­ony­mous with insid­er threat. Snowden’s grand theft of Nation­al Secu­ri­ty Agency spy­ing doc­u­ments, ini­tial­ly dis­closed in June 2013, became the source of a steady drum­beat of rev­e­la­tions, leaked incre­men­tal­ly to major media in the U.S. and U.K.

Third­Cer­tain­ty cor­ralled TK Keani­ni, chief tech­nol­o­gy offi­cer at Lan­cope, sup­pli­er of net­work vis­i­bil­i­ty and secu­ri­ty intel­li­gence sys­tems, to dis­cuss the wider significance.

Info­graph­ic:  The real­i­ty of insid­er threats

3C: How big is the prob­lem of insid­er threats?

Keani­ni: It’s not the size of the prob­lem; it is the prob­lem. If we look back in his­to­ry, orga­ni­za­tions and indi­vid­u­als estab­lished a con­nec­tion to the Inter­net and were imme­di­ate­ly attacked, so they put up defens­es like fire­walls and perime­ter defens­es to keep the attacks from being “pushed” to the tar­gets. This, in turn, caused attack­ers to go back and devise alter­na­tive ways to get inside the net­work, which brings us to the cur­rent day when most attacks are “pulled” in by the vic­tim and most perime­ter defens­es fail when the users are com­pro­mised by their own request. This is at the heart of insid­er threats today.

3C: How much of this can be blamed on sim­ple negligence?

Keani­ni: It is hard for me to point to the prob­lem and call it neg­li­gence because there are so many who could be called neg­li­gent in this ecosys­tem. If a user clicks on a URL that has been short­ened and is com­pro­mised, was that user pre­sent­ed with enough infor­ma­tion for that decision?

T.K. Keanini, Lancope chief technology officer
TK Keani­ni, Lan­cope chief tech­nol­o­gy officer

In the end, every­one in their life­time will be com­pro­mised more than once because even if we are secure today, there’s no guar­an­tee for the next day and so on. We must not focus on the fact that machines and users will be com­prised, but focus, instead, on the time­ly iden­ti­fi­ca­tion of this prob­lem so that pre­cise action can take place to stop the attack before it makes it to the objective.

3C: How much of a con­cern is dis­grun­tled workers?

Keani­ni: Dis­grun­tled work­ers are always a prob­lem. In fact, all of this begins with effec­tive back­ground checks even pri­or to employ­ment. I don’t think com­pa­nies do enough in this area, and those same com­pa­nies don’t have enough in place to even know when rogue employ­ees take data or com­pro­mise sys­tems, so the prob­lem is much worse than is being mea­sured by definition.

3C: Can you frame why this isn’t just an issue for the NSA and big cor­po­ra­tions? What stake do SMBs have in this?

Keani­ni: Every orga­ni­za­tion in every sec­tor is being tar­get­ed because they have infor­ma­tion that is use­ful and can be mon­e­tized by some­one on the dark mar­kets. Infor­ma­tion on an indi­vid­ual may not seem obvi­ous­ly valu­able until it is syn­the­sized with oth­er data sets, and pret­ty soon you make infer­ences and deci­sions on how that per­son is con­nect­ed or fool them by phish­ing them from an indi­vid­ual they trust and attack­ers can imper­son­ate well enough to get you to click or down­load mal­ware. Every­one is a tar­get and as a com­mu­ni­ty we can bet­ter defend ourselves.

3C: What are some basic first steps to address this?

Keani­ni: Do what you can proac­tive­ly to ensure that indi­vid­u­als have gone through prop­er ref­er­ence and back­ground checks. Ensure they have the prop­er train­ing and edu­ca­tion so that cur­rent threats are known and trust­ed com­mu­ni­ca­tion chan­nels are pro­tect­ed. Last but not least, ensure that you have teleme­try on the net­work such that the net­work itself acts as a sen­sor and that any type of net­work anom­alies are detect­ed in a time­ly and accu­rate manner.

Free resources
Lan­cope e-book on com­bat­ing insid­er threats
Secu­ri­ty & Pri­va­cy Week­ly News Roundup

More on emerg­ing best practices
3 steps for fig­ur­ing out if your busi­ness is secure
5 steps to secure cryp­tog­ra­phy keys, dig­i­tal certificates
6 steps for stop­ping hacks via a con­trac­tor or supplier



Posted in Cybersecurity, Featured Story