Across all companies, insider cyber threats are on the rise; new breakthrough technologies are being developed to combat them

The CERT Insider Threat Center, a research arm of Carnegie Mellon University’s Software Engineering Institute (SEI), has defined an insider threat as: “…the potential for individuals who have or had authorized access to an organization’s assets to use their access, either maliciously or unintentionally, to act in a way that could negatively affect the organization.”

 

An insider threat is a malicious threat to an organization that comes from people within the organization, such as employees, former employees, contractors or business associates, who have inside information concerning the organization’s security practices, data and computer systems. The threat may involve fraud, the theft of confidential or commercially valuable information, the theft of intellectual property, or the sabotage of computer systems. Insiders can expose an organization to a wide range of cybersecurity hazards, simply because they are considered trustworthy or are close to the data or systems most at risk.

 

Anthem was hit with an insider theft that resulted in personal data being stolen for over 18,000 Medicare members. Anthem’s Medicare insurance coordination services vendor learned in April 2017 about an employee who had been stealing and misusing Medicaid member data since as early as July 2016.

 

Target’s highly publicized 2013 credit card data breach was a result of a third-party vendor (another type of insider threat) taking critical systems credentials outside of an appropriate use-case. The credential access allowed the hackers to take advantage of weaknesses in Target’s payment systems to gain access to a customer database and install malware. Then, they were able to steal personally identifiable information (PII) of Target’s customers, including: names, phone numbers, emails, payment card details, credit card verification codes, and more.

 

One dramatic example is that of Greg Chung, who spied for China while employed at Rockwell and later Boeing, stealing hundreds of boxes worth of documents pertaining to military and spacecraft from 1979 to 2006, when he was finally caught. There’s probably no way to place a dollar figure on the amount of data stolen or to fully suss out the repercussions of its theft.

 

The insider threat has posed significant challenges to the US DOD, from the millions of documents unearthed by former contractor Edward Snowden to the recent breach in which sensitive personal data of tens of millions of federal employees was lifted, which not only puts individuals at risk but also compromises certain operational practices of the U.S. military/intelligence complex.

 

Sometimes user negligence leads to the biggest insider threat incidents. In the case of RSA (the security arm of EMC), employees clicking on targeted phishing attacks led to a successful advanced persistent attack that may have compromised 40 million employee records (the full extent of which is still not known). The attack showed that no one, including security firms themselves, is immune to insider-caused data breaches.

 

Across all companies and departments, insider threats are on the rise. The Osterman Research white paper entitled “White Hat, Black Hat and the Emergence of the Gray Hat: The True Costs of Cybercrime” found that insider threats account for a quarter of the eight serious cybersecurity risks that significantly affect private and public sectors. To put it another way, an organization’s current and former employees, third-party vendors, contractors, business associates, office cleaning staff, and other entities who have physical or digital access to company resources, critical systems, and networks are collectively ranked in the same list as ransomware, spear phishing, and nation-state attacks.

 

While companies traditionally look outward for security threats, they should be looking inward, toward their most trusted asset: employees. Employees have access to sensitive information, especially in customer service. Employees can be negligent or malicious, meaning they can exploit sensitive data knowingly or unknowingly. Traditional methods, like firewalls, are almost obsolete when mitigating these types of threats, because trusted insiders already have privileged access and know the company’s ‘hurt’ points.

 

 
