The Raven Group | 13 April 2017
When security breaches make headlines, they normally tell a story that sounds like a Hollywood drama. Technology failed, or the cunning of an outside actor was so great that they “beat the system”. These stories are exciting to read but are not always reflective of the challenges faced every day by companies across the wide spectrum of industries in today’s business world. The reality is that regardless of the size and scope of the security breach, it is usually caused by someone inside the company, whether through an inadvertent action, a mistake, or malicious intent.
The Insider Threat is one that affects companies of all sizes and across all sectors. In the 2016 Cyber Security Intelligence Index, IBM found that 60% of all attacks were carried out by insiders. Of these insider attacks, 75% involved malicious intent, and 25% involved inadvertent actions or unwitting insiders. Healthcare, manufacturing & distribution, and financial services were the top three industries under attack according to the report. This is due in large part to the personal data, intellectual property, physical inventories, and financial assets they maintain.
While industries differ in terms of their operations, inventories, assets, and technology, they all have one thing in common – PEOPLE. Any one of their employees is a potential insider threat. Most companies have faith in their employees and most employees are good people. While some may come to work at a company with ill intent from the beginning, many of the insider attacks that have been carried out are the result of an employee who has changed in some manner. The personal vulnerabilities are numerous and change over time as a person’s life changes. Some examples of different types of insider threats are:
Human Error: Many employees are diligent and trustworthy. However, we are all human and by default make mistakes. Be it the employee who inadvertently clicks on a phishing email, sends confidential company information to their home email address to work on later, or loses electronic devices, these mistakes can be highly damaging to a company.
The Employee Gone Rogue: Some good employees change over time for many reasons. Be it a change in their personal life, lack of advancement, social issues, political views, or relationships within the company – a trustworthy employee can go bad. Some become vulnerable to outside sources who manipulate, coerce, or threaten them to assist in stealing from or hurting the company. Others hold grudges for numerous reasons and decide to hurt the company on their own. Their inside access makes them extremely dangerous, and they can be difficult to identify ahead of time if companies fail to put in place proper measures, procedures, and oversight.
The Outsider: The best-known outside attacks are those conducted by faceless hackers. These are the focus of most cyber security programs, which seek to identify their attacks and stop them before they gain access to corporate systems. Other outsiders, such as corporate or economic espionage agents and criminals, are more difficult to identify. They may try to gain unauthorized entry to company facilities, sneak in under the guise of third-party vendors or visitors, be members of potential client or partner groups, or attempt to gain employment at the company to gain insider access (the outsider becomes an insider).
Insider threats are the most dangerous because they leverage their insider credentials to steal information or manipulate systems which they have natural access to. Their detection is difficult as many will evade security technologies until it is too late. Some malicious actors can even erase evidence of their activities to complicate forensic analysis after the fact.
Some companies have taken these threats seriously and, because of the difficulty in identifying insider threats, their safeguards have resulted in a “No Trust” environment. This normally becomes counterproductive, as such safeguards impede innovation and creativity and foster a lack of loyalty to the company. Other companies rely on technology, artificial intelligence (AI) and other software to identify trends and actions that are out of the norm. These technologies can be very useful but lack the human connection to the employees to truly understand them and their potential vulnerabilities. To truly protect corporate resources and business vitality, companies must couple technology with human systems, procedures, intelligence & analysis, and good management.
Counterintelligence (CI) is the profession of identifying threats via all-source intelligence and countering those threats before they cause harm. The US Government uses CI in many of its departments and agencies for obvious reasons. With the growing threats to corporations and the sophistication of attacks, Corporate Counterintelligence (CCI) is needed to pull together intelligence from all aspects of the company, both internally and externally, to identify potential threats, vulnerabilities, and risk, and to provide remedial solutions to mitigate these issues. While CCI can be greatly aided by technology, AI, and other IT-based systems, it must account for the “human factor” and understand the company’s employees who are the potential insider threats.
When the next big hack makes media headlines, remember that purely outside actors account for less than half of the attacks on corporations. It is most likely that the outsider had insider help, whether given knowingly or not. Insider attacks fail to make it to the front page but cause the greatest harm to companies.
The Raven Group is a Corporate Counterintelligence consulting firm that helps companies protect their data, systems, trade secrets, intellectual property (IP), employees, and reputation. Raven’s consultants of former CIA Intelligence Officer and Federal Law Enforcement Special Agents have spent a lifetime protecting our nation from threats of every kind and are second to none. Let us bring that expertise to your company.