Are employees our biggest cyber security challenge?
Hear what leading security experts have to say about insider threat
On 21 February 1994 and 18 February 2001, two of the most dangerous insiders ever identified were arrested. One insider, Aldrich Hazen Ames, worked for the Central Intelligence Agency (CIA) and brazenly flashed his cash, house, car, Rolex watch and Armani suit all the while. The other insider, Robert Phillip Hanssen, worked for the Federal Bureau of Investigation (FBI) and lived within his means in a middle-class neighborhood. Ames continued his activities for almost a decade, and Hanssen continued his deeds for almost 22 years. Because of their acts of espionage, many lives were lost and much sensitive intelligence information was compromised.
How could these two have slipped through the cracks in two agencies with the best training and equipment to detect insiders? If the CIA and FBI can’t identify insiders within their organizations, what chance does your company have to thwart an insider threat?
The answer is, plenty.
During my law enforcement career, I specialized in behavioral analysis and interview and interrogation. Later, I ended up instructing at the National Security Agency (NSA) and teaching members of the CIA, FBI, US Secret Service, state and local law enforcement and the military. Some of my students did the damage assessment on the Ames, Harold James Nicholson and Earl Edwin Pitts espionage cases.
These traitors had been trusted employees through extensive background checks, polygraphs—the works. And yet they were more than willing to violate that trust. Many of you may say, “my work isn’t a matter of life and death,” or “it’s not that big of a deal.” Maybe so, unless you happen to work in the defense industry, critical infrastructure such as power and water, healthcare or the pharmaceutical industry. And consider the importance of having a job at a small business that supplies parts to Lockheed Martin for the F-35 Joint Strike Fighter or at one of numerous businesses that are manufacturing technology for the Internet of Things (IoT). Other important jobs involve manufacturing cars, heart monitors, insulin pumps, wearable devices—the list goes on. If an insulin pump fails, that failure is pretty much a matter of life and death.
Every industry and technology I mentioned is being targeted by friendly and hostile nations and criminal organizations. And the easiest way to get access to them is through a trusted insider. Whether through stolen credentials that allow access to a computer network or intellectual property passed along on a USB drive, you and your company can be targeted from the inside. Combine human weakness with cybersecurity vulnerability and you have a recipe for a potent cocktail of disaster.
But the situation is not hopeless. Many easy-to-do actions, if taken early on, can significantly reduce your exposure to the threat of insiders.
Expert discussion of insider threat
What can you do to minimize insider threat? Are employees really the weakest link in the cybersecurity equation? For answers to these questions and more, take part in a live panel discussion with experts on 19 April 2016 at 1 PM ET where we'll discuss what to do when insiders threaten our security. Here are some of the key questions to be discussed:
- What do you think would be the most extensive damage done by an insider?
- How do we avoid hiring employees who are prone to insider threat? Are there indicators we can look for? Are these evident in screening?
- What roles in an organization are most likely to pose insider threats?
- How can the human resources department and the chief information security officer (CISO) help prevent insider attacks?
- What dangers lie in thinking about insider threats as merely a technology problem?
- Is training the answer? What else should be done to mitigate insider threats?
- In an age when information is so easy to steal, what can we do to prevent insider theft when “trust” seems inadequate?
- How can we identify and counter external cyber threats that might be linked to insiders’ internal cyber threat activities?
- What are the primary motivations for someone to become an insider threat?
Bob Stasio is a senior product manager of cyber analysis with IBM i2 Safer Planet. Stasio brings nearly 14 years of expertise fighting top-tier malicious actors in the intelligence community, the US military, the NSA and the commercial sector. He also served on the initial staff of US Cyber Command. During the troop surge of 2007, his intelligence unit supported the detainment of more than 450 high-value targets.
Morgan Wright is an internationally recognized expert on cybersecurity strategy, cyber terrorism, identity theft and privacy. His landmark testimony before Congress on Healthcare.gov changed how the government collected personally identifiable information. He has made hundreds of appearances on national news, radio, print and the web, and he has spoken to audiences worldwide.
Scott N. Schober is a cybersecurity expert and president and CEO of Berkeley Varitronics Systems, Inc., a 40-year-old provider of advanced wireless radio frequency (RF) test and security solutions. Schober has overseen the development of numerous cell phone detection tools used to enforce a “no cell phone policy” in corporate, correctional, law enforcement, military, secured government and university facilities. He regularly appears on Arise TV, Bloomberg TV and Canadian TV News, and has made numerous appearances as a cybersecurity expert on Al Jazeera America, CCTV America, CNBC, CNN, Fox Business Channel, Fox News, Inside Edition, MSNBC, One America News (OAN), PIX11, TheBlaze and more. Schober has also presented as a subject-matter expert (SME) discussing cybersecurity and corporate espionage at numerous conferences worldwide.
Paul Janes is a certified information systems security professional (CISSP), has global information assurance certification (GIAC), and is a geographic information systems professional (GISP). Janes is also president of CoreTriad, LLC, a locally owned company that specializes in vulnerability assessments for small businesses and develops online training for cybersecurity professionals. He is a SME most recently involved in the development of an accredited Cyber First Responder Certification and is a speaker for industry security conferences. Janes has more than 19 years of experience in IT security at a local Fortune 500 company. Areas of expertise include vulnerability assessments, penetration tests, data loss prevention (DLP), risk management, project management and server management.
Here are a few resources to review in preparation for this discussion:
- Cybersecurity Alert: Employee Mobile Devices Make Your Company Vulnerable to Attacks
- Chelsea Manning Reveals Anti-whistleblower Insider Threat Surveillance Program
- Department of Homeland Security (DHS)