(The link to the blog post is HERE that got this train a rolling.)
On 21 February 1994 and 18 February 2001, two of the most dangerous insiders ever identified were arrested. One insider, Aldrich Hazen Ames, worked for the Central Intelligence Agency (CIA) and brazenly flashed his cash, house, car, Rolex watch and Armani suit all the while. The other insider, Robert Philip Hanssen, worked for the Federal Bureau of Investigation (FBI) and lived within his means in a middle-class neighborhood. Ames continued his activities for almost a decade, and Hanssen continued his deeds for almost 22 years. Because of their acts of espionage, many lives were lost and much sensitive intelligence information was compromised.
How could these two have slipped through the cracks in two agencies with the best training and equipment to detect insiders? If the CIA and FBI can’t identify insiders within their organizations, what chance does your company have to thwart an insider threat?
The answer is, plenty.
Trust is not a control
During my law enforcement career, I specialized in behavioral analysis and interview and interrogation. Later, I ended up instructing at the National Security Agency (NSA) and teaching members of the CIA, FBI, US Secret Service, state and local law enforcement and the military. Some of my students did the damage assessment on the Ames, Harold James Nicholson and Earl Edwin Pitts espionage cases.
These traitors had been trusted employees through extensive background checks, polygraphs—the works. And yet they were more than willing to violate that trust. Many of you may say, “my work isn’t a matter of life and death,” or “it’s not that big of a deal.” Maybe so, unless you happen to work in the defense industry, critical infrastructure such as power and water, healthcare or the pharmaceutical industry. And consider the importance of having a job at a small business that supplies parts to Lockheed Martin for the F-35 Joint Strike Fighter or at one of numerous businesses that are manufacturing technology for the Internet of Things (IoT). Other important jobs involve manufacturing cars, heart monitors, insulin pumps, wearable devices—the list goes on. If an insulin pump fails, that failure is pretty much a matter of life and death.
Every industry and technology I mentioned is being targeted by friendly and hostile nations and criminal organizations. And the easiest way to get access to them is through a trusted insider. Whether through stolen credentials that allow access to a computer network or intellectual property passed along on a USB drive, you and your company can be a target from the inside. Combine human weakness with cybersecurity vulnerability and you have a recipe for a potent cocktail of disaster.
But the situation is not hopeless. Many easy-to-do actions, if taken early on, can significantly reduce your risk from insider threats.
Expert discussion of insider threat
What can you do to minimize insider threat? Are employees really the weakest link in the cybersecurity equation? For answers to these questions and more, take part in a live panel discussion with experts on 19 April 2016 at 1 PM ET where we’ll discuss what to do when insiders threaten our security. Here are some of the key questions to be discussed:
- What do you think would be the most extensive damage done by an insider?
- How do we avoid hiring employees who are prone to insider threat? Are there indicators we can look for? Are these evident in screening?
- What roles in an organization are most likely to pose insider threats?
- How can the human resources department and the chief information security officer (CISO) help prevent insider attacks?
- What dangers lie in thinking about insider threats as merely a technology problem?
- Is training the answer? What else should be done to mitigate insider threats?
- In an age when information is so easy to steal, what can we do to prevent insider threat theft when “trust” seems inadequate?
- How can we identify and counter external cyber threats that might be linked to insiders’ internal cyber threat activities?
- What are the primary motivations for someone to commit insider threat?