Technology Can Not Diminish Insider Threats By Itself

A trusted insider is more of a threat to the US government than the threat of Russian or Chinese economic espionage.

Insider threats have disclosed and improperly removed troves of sensitive information from government networks that compromise secrets and highly secretive security programs. While various technical and cyber-enabled monitoring tools have been applied to prevent such actions, the intelligence community’s top counter-intelligence officer believes that understanding the human element is most important.

“The mind of the insider threat: That is what I believe to be the critical component of stopping, if we can, the individual that wants to be nefarious and do malicious behavior,” said William Evanina, the national counter-intelligence executive within the Office of the Director of National Intelligence.

Speaking during a recent event hosted by the Intelligence and National Security Alliance, he said monitoring these insider threats is “almost impossible” because the intelligence community, government or private sector are not going to create a draconian environment where they search people on their way in and out. 

The question, then, does not become one of technological solutions, some of which use analytics to monitor certain cyber activity, but rather how to get “left of an event” by identifying the individual and providing a venue to act out. These venues, he said, could be as simple as an employee assistance program, an interview with someone in the security department or a peer consultation.

There are highly capable tools to track keyboard strokes and data, but they will not identify an individual who was passed up for a promotion or an individual going through a divorce or financial difficulties, Evanina said.

“There is no technological monitoring that can detect that.” 

He said there are three categories that are key to understanding and identifying the insider threat: narcissism; Machiavellianism (the ability or a want to manipulate others); and a callous, cold personality. 

The key to success for curbing insider threats will be to marry these three categories by understanding the individual’s mindset and having robust monitoring on the individual's systems and data.

INSA released a white paper outlining behavioral models that can improve the monitoring of insider threats. “Both goals, improving early warning of vulnerability and understanding individual complexity, entail not only defining psychological models but also seeking methodologies and tools that can assist in swift, continuous identification and assessment,” the white paper reads. 

“Most efforts to date have focused on characterising individuals at a specific point in time, during an initial or periodic investigation, but employers now recognise the importance of leveraging innovative technology and data sources to monitor and evaluate individuals on a continuous basis.”
 
With the boom in social media, the report notes that leveraging certain tools can help identify certain individuals and personalities at risk for insider threats. These include personality mapping (psycho-linguistics), life-event detection (text analytics) and emotion detection (sentiment analysis). 

C4Isrnet
 

 

