The Insider Threat and Cyber Espionage: Watch Your Back!
By Matt Roe
Invictus and the Unconquered take the threat of the Insider most seriously. As a discipline, Insider Threat is often misunderstood, in part because of the nature of the term. An “Insider” is typically someone who plays an integral role in an organization and is trusted with sensitive information, resources, infrastructure, and data, while a “Threat” is something that possesses a serious risk to the organization, but has not been realized. In the later case, the threat may or may not be an individual. The question any organization has to understand is at what point does someone start monitoring an individual because they may or may not do something in the future?
On the other hand, Cyber Espionage is typically when an external entity capitalizes on the organizations’ threats for the sole purpose of monetizing exploitation capabilities.
It is now understood that we can no longer look at insider threats as a “malicious insider” (although they tend to cause lots of damage) within organizations, but we certainly must view these more broadly in categories such as; technical limitations (i.e. bugs, etc.), ineffective organizational policies, procedures, or even systemic corporate culture issues. In fact, some cyber espionage cases have made use of either knowing or unknowing insiders.
First and foremost, within both industry and in the federal government, we must recognize all industries are vulnerable from Insider Threats (i.e. a known insider such as Edward Snowden, or an unknowing insider such as what happened in the data breach at the Office of Personnel Management) and nation states, corporations, or bad actors conducting Cyber Espionage (i.e. the Sony data breach). That said, here at Invictus we understand how to establish and run successful insider threat programs. These programs as well as properly run counter-espionage activities, understand completely the critical resources, data, and infrastructure that they need to protect their environment. Since that complete understanding is necessary, Government entities and Commercial Corporations must constantly review and ask, what are those things most critical, that if we were compromised we could not fulfill the mission or we would go out of business. Additional questions on where an organization could lose significant market share or lose precious intellectual property, or where captured competitive corporate intelligence could bring harm to the corporate reputation are also extremely relevant. Invictus integrates these processes into the vulnerability assessments we offer corporations and government organizations. For commercial customers, we help you identify your most valuable information and provide options and an analysis of alternatives to protect that data. We then review your policies and procedures for data access, encryption, and other protection means while reviewing or suggesting possible procedures and technologies to consider for monitoring any threats from knowing or unknowing insiders.
To address the “threats,” organizations must draft policies and guidance which focus on minimizing corporate risk through sound administrative policy, practices, and processes. We must also invest in collection, aggregation, and analytical technologies and capabilities, which can directly correlate specific instances and identify critical vulnerabilities across all data types related to the government or corporate “crown jewels.”
PREVENTION of insider threats and cyber espionage is our primary goal. Invictus achieves this through the well-balanced application of DETERENT and DETECTION capabilities that we couple with analytical counter-espionage components. In general, DETERENT capabilities are provided through governance structures, policies, and procedures, as well as, cyber awareness and insider threat training. While DETECTION capabilities tend to rely upon agented and agentless technologies, along with corporate data resources (i.e. personnel records) that enable investigators to determine the risk associated with individual employees and how that risk changes over time.
Invictus recently led an industry panel in St. Louis, Missouri where we brought together industry leading professionals on this topic. The panel presented both industry and government perspectives and challenges on the topic of insiders and the threats they present, including behaviors, technologies, and a variety of successful practices that have been implemented.
Please reach out if you or your team are interested in learning more about these topics, or if you want to discuss how Invictus can help your organization establish, mature, or augment your insider threat deterrent capabilities to prevent trusted insiders or external threats from crippling your business.