In the Iliad, the Greek armies lay siege to Troy, but despite their martial might, Greece’s warriors cannot overcome the Trojan defenses. Through acts of cunning and deception, however, Greece slips behind Troy’s walls inside a wooden horse. Once inside of Troy, the victory is assured – Troy’s formidable walls useless against the attack that came from within.
Governments and companies today face many external threats, but perhaps the greatest danger comes from insider threats who have already gained access behind the defensive walls. Guarding against such insider threats is a vital, complex, and expansive task.
Over 4 million Americans hold a security clearance. Millions more have access to government facilities. All these individuals must be vetted and screened to ensure their trustworthiness. The Defense Counterintelligence and Security Agency alone is responsible for conducting over 2 million background investigations every year. To effectively find and mitigate threats within this huge population is truly a Herculean task.
The challenge is also not limited to the world of governments and spies. Corporations face a daunting barrage of attacks aimed at stealing intellectual property or personal information. Successful attacks can ruin lives and livelihoods, damage corporate reputations, or cost millions of dollars to repair.
Whether the stakes are national security, identity theft, or intellectual property, the challenge of countering insider threat is too important to take a reactive approach. Today’s approach to meeting this challenge relies too heavily on outdated data and notions of risk. A more comprehensive, proactive technique is needed that leverages established methods in addition to using modern artificial intelligence-driven processes that bring the broader world of publicly available information (PAI) to bear in counter-insider-threat missions. Such a modernized approach will maximize information, mitigate threats, and stop problems left of boom.
Limits of Traditional Approach
The investigative tools currently used to counter insider threats have not changed significantly in decades. Governments and companies are given certain information by their employees that is then used to assess the trustworthiness of individuals. Overwhelmingly, the process relies on generally accurate but relatively static data from credit reporting bureaus and data aggregators that provide addresses, phone numbers, financial information, and arrest or court records. If anything suspicious pops up in these datasets, investigators can dig in for more information via old-fashioned gumshoeing.
This information can be very valuable, but in today’s information environment it is not sufficient. With the explosion of PAI, investigators need to go beyond the traditional approach to obtain a fulsome and dynamic understanding of potential threats.
The current approach misses the mark on both quantity and quality of data. From a quantity point of view, the traditional techniques for monitoring insider threat use only a tiny fraction of available data. Even if investigators use search engines to “investigate” potential risks, they will only be searching the surface web — less than 2% of available online data.
The type of data returned in the traditional approach is also incomplete. Someone’s dissatisfaction with their employer will not show up in their credit record or arrest history. Indeed, someone can easily hide potential risks like extremist activity or connections to foreign governments without them ever appearing in the currently leveraged data. By casting a broader net that examines the surface web and the deep and dark web, investigators will be aware of potential dangers that could easily be missed without this more comprehensive approach.
The Right Approach
An effective effort to combat insider threat must use all the resources available to identify potential risks, specifically leveraging PAI. Because of the size and complexity of available data, however, modern technologies that harness the capabilities of artificial intelligence and machine learning (AI/ML) are essential to the success of this new approach.
An updated counter-insider-threat program would use the rich data within the traditional process as seed data for further investigations. Through entity resolution (verifying that multiple data points are referencing the same real-world thing) and powerful search processes that look for potentially important or derogatory information regardless of language, investigators can develop a complete picture. Critical information can be discovered across social media platforms, news sites, public records, blogs, message boards, dark web marketplaces, and illicit forums. Advanced analytics that use topic modeling and link analysis can also assist investigators by quickly highlighting the most critical information while filtering out noise.
In addition to broadening the pool of data, this modernized approach offers several other advantages. When using automated, AI-enabled processes, companies and the government can standardize insider threat missions and mitigate human bias. The result is the ability to screen more individuals more thoroughly in less time. Comprehensive, efficient screening mitigates risks to an organization and it also saves money.
It’s All About the “Why”
Insider threats are real and ever-present. It is incumbent on leaders to appropriately address the risks posed by those within their organizations. The current approach to countering these threats, however, is outdated and unnecessarily exposes organizations to escalating risks.
Like ancient Troy, the real danger often lurks within our defenses without our knowledge. A new process that fully leverages the capabilities of PAI and AI/ML is necessary to effectively combat the dangers of insider threat.
At stake is nothing short of the lives and livelihood of hard-working, honest people. That’s why the risk of not modernizing is simply too great.
The views expressed here are the writer’s and are not necessarily endorsed by Homeland Security Today, which welcomes a broad range of viewpoints in support of securing our homeland. To submit a piece for consideration, email [email protected].