






The Many Faces of Insider Threats

By Tom Cross, Director of Security Research, Lancope, Inc.



The WikiLeaks disclosures and other news events have recently made the insider threat a
more prominent topic. According to a survey conducted by Lancope, concerns
over the insider threat are rising, with 40 percent of respondents citing it as a top risk to their
organization. It is important to understand that there are several types of insider threat, and
that each type requires a different approach from a cybersecurity standpoint.



Who Is the Insider Threat?

At Lancope, we view the insider threat as three distinct categories of threat actor:


Negligent Insiders - Insiders who accidentally expose data – such as an employee who
forgets their laptop on an airplane

Malicious Insiders - Insiders who intentionally steal data or destroy systems – such as a
disgruntled employee who deletes some records on his last day of work

Compromised Insiders - Insiders whose access credentials or computers have been
compromised by an outside attacker

When people talk about the insider threat, they are often referring to negligent insiders who
accidentally harm systems or leak data due to carelessness. However, the other categories
of insider threat also represent significant challenges for organizations. It is important to
understand what impact each category of insider threat has on your organization so that you
can implement the right responses. A program focused on one of these types of threats
won’t necessarily protect the organization against the others.

What steps can you take to protect your organization against each type of insider threat?



Negligent Insiders


Negligent insiders don’t mean to do anything wrong – they are just employees who have
access to sensitive data and inadvertently lose control of it. A large number of security
incidents and “data breaches” fit this description.

Various measures can be used to deter negligent activity and “keep honest people honest.”
Access controls can prevent people from obtaining sensitive data that they do not need in
order to do their jobs. Encryption of data at rest can also help prevent data loss by negligent
insiders in the event that they lose their laptops or other equipment. User education also
matters here. Anything you can do to get employees to be more conscientious with company
data can have a positive impact – for example, providing dummy datasets to developers so
that they don’t work with real PII on development systems. You want the path of



8 Cyber Warnings E-Magazine – July 2014 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
