Insider threats pose major cybersecurity exposure
By Byron Acohido, ThirdCertainty
In the realm of cybersecurity, the name Edward Snowden is synonymous with insider threat. Snowden’s grand theft of National Security Agency spying documents, initially disclosed in June 2013, became the source of a steady drumbeat of revelations, leaked incrementally to major media in the U.S. and U.K.
ThirdCertainty corralled TK Keanini, chief technology officer at Lancope, supplier of network visibility and security intelligence systems, to discuss the wider significance.
Infographic: The reality of insider threats
3C: How big is the problem of insider threats?
Keanini: It’s not the size of the problem; it is the problem. If we look back in history, organizations and individuals established a connection to the Internet and were immediately attacked, so they put up defenses like firewalls and perimeter defenses to keep the attacks from being “pushed” to the targets. This, in turn, caused attackers to go back and devise alternative ways to get inside the network, which brings us to the current day when most attacks are “pulled” in by the victim and most perimeter defenses fail when the users are compromised by their own request. This is at the heart of insider threats today.
3C: How much of this can be blamed on simple negligence?
Keanini: It is hard for me to point to the problem and call it negligence because there are so many who could be called negligent in this ecosystem. If a user clicks on a URL that has been shortened and is compromised, was that user presented with enough information for that decision?
In the end, everyone in their lifetime will be compromised more than once because even if we are secure today, there’s no guarantee for the next day and so on. We must not focus on the fact that machines and users will be compromised, but focus, instead, on the timely identification of this problem so that precise action can take place to stop the attack before it makes it to the objective.
3C: How much of a concern are disgruntled workers?
Keanini: Disgruntled workers are always a problem. In fact, all of this begins with effective background checks even prior to employment. I don’t think companies do enough in this area, and those same companies don’t have enough in place to even know when rogue employees take data or compromise systems, so the problem is much worse than is being measured by definition.
3C: Can you frame why this isn’t just an issue for the NSA and big corporations? What stake do SMBs have in this?
Keanini: Every organization in every sector is being targeted because they have information that is useful and can be monetized by someone on the dark markets. Information on an individual may not seem obviously valuable until it is synthesized with other data sets, and pretty soon you make inferences and decisions on how that person is connected or fool them by phishing them from an individual they trust and attackers can impersonate well enough to get you to click or download malware. Everyone is a target and as a community we can better defend ourselves.
3C: What are some basic first steps to address this?
Keanini: Do what you can proactively to ensure that individuals have gone through proper reference and background checks. Ensure they have the proper training and education so that current threats are known and trusted communication channels are protected. Last but not least, ensure that you have telemetry on the network such that the network itself acts as a sensor and that any type of network anomalies are detected in a timely and accurate manner.