What Happens When Insider Cybersecurity Threats Infiltrate the U.S. Government?

Protecting a digital system is a lot like defending a castle in medieval Europe.
The protection of a digital system from hackers is often thought of as a "perimeter" defense or, say, a moat. With such a defense, layers of security or "walls" are built around the data, similar to the outer and inner walls protecting a castle’s keep. That data is then stored in a system to prevent outside intruders from gaining access, not unlike a castle’s towers, parapets, drawbridge or barbican.
Access to the data involves entry through secure "gates" that are guarded with firewalls, passwords and intrusion detection systems or, in the instance of a castle, a well-fortified gatehouse and arrow loops for defending armies and loyal knights. Generally, such a system is effective in keeping out a high percentage of any kind of enemy.
Or is it?
Unfortunately, no matter how high an organization or a castle builds its walls or how much it invests in its security, all is for naught if an authorized person (or a disgruntled knight) inside the perimeter opens the gates or passes information to the outside.
Why Insider Threats are a Real Concern
According to Tripwire.com, 74% of companies feel that they are vulnerable to insider threats, with 7% reporting extreme vulnerability. Most data breaches today involve an insider in some way, whether through a nefarious or unaware employee. Organizations can spend millions in defense on security measures, but it can all come undone by an insider.
While insider threats can cost millions in damages, a far greater threat exists when the insider is employed by the government and provides sensitive information to outsiders. A case in point involves the recent disclosure by the CIA that an agency employee who leaked sensitive information had been identified. The New York Times noted it was "the largest loss of classified documents in the agency’s history and a huge embarrassment for CIA officials."
The U.S. government has recognized the danger of insider threats to security and, in 2011, established the National Insider Threat Task Force (NITTF). Its mission is to "develop a government-wide insider threat program for deterring, detecting and mitigating insider threats, including the safeguarding of classified information from exploitation, compromise or other unauthorized disclosure, taking into account risk levels, as well as the distinct needs, missions and systems of individual agencies." While this agency has worked diligently in preventing the loss of information, insider threats remain one of the most difficult challenges to security.
How to Prevent the Loss of Data Due to Insider Threats
There is no perfect data security system when determined individuals and rogue nation-states with time and resources can breach even the most secure systems. But with sufficient training and education, organizations can greatly impede the loss of data and hinder insider threats.
To mitigate data loss, here are my suggestions:
- Screen new hires carefully,
- Monitor employees for signs of distress, especially financial issues,
- Monitor digital systems for signs of unusual transfer of data,
- Immediately remove access to an organization’s data when an employee is terminated or quits, and
- Train employees on how to identify insider threats and work toward creating a cybersecurity culture.
Written by Dr. Jane LeClair
Dr. Jane LeClair is the president of the Washington Center for Cybersecurity Research and Development, and consults on cybersecurity programming at Thomas Edison State University. She has previously served as the Chief Operating Officer for the National Cybersecurity Institute. Dr. LeClair holds an M.S. in Cybersecurity and an Ed.D. in Adult Education.