FBI Cyber Leader: Confront the Insider Threat in the Business Community

Today’s increasing ability to share and access information has caused organizations to become more vulnerable to external challenges, such as cyberattacks. Nonetheless, information accessibility from within the workplace can also cause significant problems when organizations fail to protect their intellectual property and business processes, such as vendor payment processing. Unfortunately, insider threats, both unintentional and malicious, remain underestimated. Businesses need to prioritize their approach on this matter before the damage becomes irreversible. Prior to implementing any preventive measures, however, it is important to understand who can become an insider threat and what may motivate these individuals to breach and steal sensitive data from their own employer.

In the cyber realm, anyone can accidentally become an insider threat. IT administrators, third-party contractors, and even your C-suite non-technical employees can inadvertently provide or grant access to the company’s intellectual property or accounting department through a variety of means. This includes over the phone, by clicking on links within spam email, or from accidental leaks. In fact, a 2016 report by the Ponemon Institute found that 68 percent of the 874 insider incidents it analyzed were due to employee or contractor negligence. Moreover, employees who regularly perform wire transfer payments are particularly vulnerable to business email compromise (BEC) attacks. This type of scam compromises legitimate business email accounts to request unauthorized transfers of funds. Accounts are accessed through social engineering techniques, such as false password reset emails, to capture valid credentials for the scam. Essentially, carelessness and poor cybersecurity training can cause unwanted data breaches or theft.

On the other hand, insider threats can also include employees seeking to cause intentional harm to the company or others by deliberately sabotaging critical infrastructure. Their efforts can go unnoticed for months or years when companies fail to invest in threat-detection programs. These individuals aim to disrupt the company’s systems or steal valuable intellectual property, including trade secrets. A variety of reasons may motivate them to commit these crimes. Greed or debt can often provoke employees to steal and sell their employer’s data to a domestic or foreign competitor. Revenge is another common motivation: a disgruntled employee wishing to retaliate against the company. A third common reason is ideology or divided loyalty to another company or foreign entity. The critical difference between these malicious insiders and external attackers is their legitimate access to your system and awareness of the security mechanisms in place. These types of unrestricted privileges allow threat actors to easily bypass your system’s protective measures. Therefore, unless companies invest in detection and preventative programs to monitor, train, and limit employees’ direct access to critical information, it is only a matter of time before a data leak occurs.

Considering this threat, there are several actions businesses can take to prevent sensitive information from falling into the wrong hands. Companies should prioritize training their employees to be vigilant in how they handle any system with critical information to avoid unintentional mistakes. This includes sensitizing employees to BEC attacks. Regardless of their position, all employees should also be trained to recognize what concerning activity or behavior looks like and how to report concerns internally. Unexplained wealth, financial problems, working during unusual hours without authorization, retrieving information outside of their responsibilities, remotely accessing the computer network while on vacation or sick leave, and short international trips without explanation are a few examples of red flags and unusual behavior to report.

On the technical side, businesses should invest in Data Loss Prevention (DLP) systems to encrypt sensitive data when it is at rest or in transit. Firewalls can be put in place to monitor network activity. It is essential for your security division to regularly update their systems and perform routine scans for malware or back doors. Security divisions should consistently log and review critical events. These include employees accessing sensitive data or spaces, printing and copying excessively, or downloading files. Identifying and tracking who has what type of access to the company’s critical data is vital and should be routinely updated. No employee should have exclusive access to a company’s intellectual property without a valid reason and proper vetting. Reasons should be reviewed on a regular basis as job roles and personnel change.
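As an added illustration (not part of the original article), the following sketch reviews audit events for the red flags named above: remote access during leave, activity outside working hours, access outside a role's responsibilities, and excessive downloading or printing. The users, roles, leave calendar, thresholds, and log records are all constructed sample data.

```python
from collections import defaultdict
from datetime import date, datetime

# Constructed sample data (assumptions, not from the article).
LEAVE = {"bwong": (date(2024, 3, 4), date(2024, 3, 8))}      # approved leave
USER_ROLE = {"adiaz": "finance", "bwong": "engineering", "cpatel": "engineering"}
ROLE_RESOURCES = {"finance": {"payments"}, "engineering": {"source", "designs"}}
WORK_HOURS = range(7, 20)   # 07:00-19:59 counts as normal working time
BULK_THRESHOLD = 5          # downloads/prints per user per day before flagging

# Constructed audit events: (timestamp, user, action, resource, channel)
EVENTS = [
    ("2024-03-05T10:12", "bwong", "read", "designs", "vpn"),
    ("2024-03-06T09:30", "adiaz", "read", "payments", "office"),
    ("2024-03-06T14:00", "adiaz", "download", "source", "office"),
] + [
    ("2024-03-07T02:%02d" % minute, "cpatel", "download", "designs", "office")
    for minute in range(10, 16)
]


def review(events):
    """Return {user: sorted list of red flags} for the given audit events."""
    findings = defaultdict(set)
    volume = defaultdict(int)   # (user, day) -> count of downloads and prints
    for ts, user, action, resource, channel in events:
        when = datetime.fromisoformat(ts)
        leave = LEAVE.get(user)
        if channel == "vpn" and leave and leave[0] <= when.date() <= leave[1]:
            findings[user].add("remote access during leave")
        if when.hour not in WORK_HOURS:
            findings[user].add("activity outside working hours")
        # Unknown users or roles get an empty allow-list, so they are flagged.
        allowed = ROLE_RESOURCES.get(USER_ROLE.get(user), set())
        if resource not in allowed:
            findings[user].add("access outside role")
        if action in ("download", "print"):
            volume[(user, when.date())] += 1
    for (user, _day), count in volume.items():
        if count > BULK_THRESHOLD:
            findings[user].add("bulk download/print")
    return {user: sorted(flags) for user, flags in findings.items()}


if __name__ == "__main__":
    for user, flags in review(EVENTS).items():
        print(user, "->", ", ".join(flags))
```

Findings like these are prompts for human review alongside HR context, since an approved change of duties or an authorized late shift would produce the same events.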

Internal honeypots can help businesses identify potential insider threats before they execute malicious behavior. Businesses should establish a formal set of policies governing employee behavior with clear enforceable measures. These policies should reflect the company’s mission and values, and be enhanced by close coordination between security and human resource teams.

Technological advancements will always pose new security risks, some of which will be difficult if not impossible to identify. Therefore, risk mitigation should take place across the organization. External threats are more common and expected but internal threats should not be overlooked. The more measures put in place to prevent and detect internal suspicious activity, the higher the rate of success for mitigating insider threats. Ultimately, a strong risk-mitigation profile ensures the organization’s future profits and positive reputation.

 

The views expressed here are the writer’s and are not necessarily endorsed by Homeland Security Today, which welcomes a broad range of viewpoints in support of securing our homeland. To submit a piece for consideration, email HSTodayMag@gtscoalition.com. Our editorial guidelines can be found here.

Mr. Marshall was appointed Deputy Assistant Director of the FBI’s Cyber Intelligence, Outreach, and Support Branch in August 2016. In this position, Mr. Marshall supports the Cyber Division’s mission to identify, pursue, and defeat cyber adversaries targeting global U.S. interests by overseeing efforts to enhance strategic partnerships and intelligence coordination.
