In order to defend against insider threats, you need an accurate picture of the problem. The CyberWire’s Carole Theriault spoke to a number of industry experts about insider threats and found that the issue is more complex than it appears on the surface. Dr. Richard Ford, Chief Scientist at Forcepoint, said that even the term “insider threat” gives a false impression of the problem by making us think solely of malicious actors.
“Most insider threats are perfectly well-meaning employees that end up doing something foolish, or getting convinced to do something foolish, that compromises your data or your security in some way,” Ford said. “So, to me, an insider threat is the threats that emanate from within, but it doesn’t necessarily mean they’re malicious…. In fact, what you find is a lot of accidental insiders who you can help along to not being accidental insiders.”
Along the same lines, “MC,” the VP of Product at ObserveIT, separated insider threats into three categories, only one of which involves bad intent.
“The first one is just users like you and me, who come to work with a good intent, hard-working, go back to home, family, friends,” MC said. “But at some point, we may do some negligent things. For example, taking a printout so you can read it on the train ride home, or taking home sensitive files so you can work over the weekend…. The second category is where rogue insiders, more within the mix of having a bad intent, for whatever reason – maybe financial, maybe ideological, maybe some kind of bad performance review, some kind of a personal stress issue – end up stealing something that they shouldn’t…. And then there is a third category that people don’t think about, which is people falling victim to a phishing email coming from outside and they end up compromising their credentials.”
Dr. Ford added that some threats are purely malicious, and rooting them out helps protect all the other employees. In order to do this, organizations need to change the way they think about insider threats.
“We tend to use the lens of cybersecurity when we think about this,” Ford said. “The lens of fraud is a much better lens, right? So, there’s this whole concept of fraud which is perpetrated by employees, and now that all involves something cyber, pretty much. So, these worlds are merging. It used to be fairly separate, but now the footprints of those fraudulent transactions or those fraudulent acts often exist in the cyber space and that’s where you can find them and shut them down.”
Organizations need to understand the human element if they want to defend themselves against both internal and external attacks. New-school security awareness training can help build a culture of security within your organization, reducing accidental insider incidents (including employees who fall for phishing) and making deliberate ones easier to spot. The CyberWire has the story: https://thecyberwire.com/podcasts/cw-podcasts-special-2019-insider-threats.html