Jan 06

Cyber Experts: Thwarting Insider Threats Takes A Holistic Approach

By Sarah Sicard

Insider threats, whether they are foreign spies, disgruntled employees or embezzlers, can’t be stopped with software alone, experts at a cyber security summit recently warned. The last step a company trying to protect its intellectual property should take is installing new computer programs.

“Look at the impact that the Snowdens and the Mannings have,” said Michael Madon, vice president and general manager of RedOwl Analytics. “Part of the challenge we have — [as] the leadership — is to inform and create a holistic program.”

An insider threat is one that comes from within an organization — perpetrated by a person with access to information such as company data and security practices. There are several categories. There are foreign agents out to steal secrets. There are workers leaving for a new job who abscond with valuable data, or who are angry enough at management to vandalize systems. Some are simply greedy and engage in embezzlement.

While outside hackers make all the headlines, they account for only 40 percent of data breaches, said Mike Crouse, director of insider threat strategy at Raytheon Cyber Products. The remaining 60 percent are insiders.

But software is not a cure-all, he added. Firewalls and detection systems don’t fix everything without a solid foundational program for preventing, exposing and handling threats.

Panelists said buying software should be the last step in a multi-faceted approach to targeting insider threats.

Privileged users, those who have been granted exclusive access to data within a company, are a major concern for organizations. Those given that status should be monitored closely because they have “exceptional access to the data,” said Larry Knutsen of the Laconia Group, a national security consulting service.

Daniel Velez, director of insider threat programs at Raytheon Cyber Products, said that there is an unsettling lack of concern toward insider threats among organizations and their leadership.

According to a Raytheon chart, “Building a Modern Insider Threat Program,” 51 percent of employees feel it’s acceptable to take corporate data because their companies don’t strictly enforce policies, and 37 percent have shared data without permission from their employers.

Because leaders often focus on perimeter safety measures to thwart outside hackers, they miss what is happening on the inside, Madon said.

For this reason, it is important to change company culture, Crouse said. If a company increases the strength of one of those forms of protection, it can’t lessen others, Madon said. “Putting up one system isn’t going to cut the mustard.”

The hardest part, however, is getting leaders to see the necessity in creating this underlying system, panelists agree.
