Technology Can Not Diminish Insider Threats By Itself

A trusted insider is more of a therat to the US government than the threat of Russian or Chinese economic espionage 

Insider threats have disclosed and improperly removed troves of sensitive information from government networks that compromise secrets and highly secretive security programs. While various technical and cyber-enabled monitoring tools have been applied to prevent such actions, the intelligence community’s top counter-intelligence officer believes that understanding the human element is most important.

“The mind of the insider threat: That is what I believe to be the critical component of stopping, if we can,” the individual that wants to be nefarious and do malicious behavior, said William Evanina, the national counter-intelligence executive within the Office of the Director of National Intelligence.

Speaking during a recent event hosted by the Intelligence and National Security Alliance, he said monitoring these insider threats is “almost impossible” because the intelligence community, government or private sector are not going to create a draconian environment where they search people on their way in and out. 

The question, then, does not become one of technological solutions, some of which use analytics to monitor certain cyber activity, but rather how to get “left of an event” by identifying the individual and providing a venue to act out. These venues, he said, could be as simple as an employee assistance program, an interview with someone in the security department or a peer consultation.

There are highly capable tools to track keyboard strokes and data, but it will not identify an individual that was passed up for a promotion or the individual going through a divorce or financial difficulties, Evanina said.

“There is no technological monitoring that can detect that.” 

He said there are three categories that are key to understanding and identifying the insider threat: narcissism; Machiavellianism (the ability or a want to manipulate others); and a callous, cold personality. 

The key to success for curbing insider threats will be to marry these three categories by understanding the individual’s mindset and have robust monitoring on the individual's systems and data.

INSA released a white paper outlining behavioral models that can improve the monitoring of insider threats. “Both goals, improving early warning of vulnerability and understanding individual complexity, entail not only defining psychological models but also seeking methodologies and tools that can assist in swift, continuous identification and assessment,” the white paper reads. 

“Most efforts to data have focused on characterising individuals at a specific point in time, during an initial or periodic investigation, but employers now recognise the importance of leveraging innovative technology and data sources to monitor and evaluate individuals on a continuous basis.
 
With the boom in social media, the report notes that leveraging certain tools can help identify certain individuals and personalities at risk for insider threats. These include personality mapping (psycho-linguistics), life-event detection (text analytics) and emotion detection (sentiment analysis). 

C4Isrnet
 

 

You Might Also Read: 

US Intelligence Agencies Fear Insiders As Much As Spies:

Safeguard Data When Employees Leave:

Are Employees Your Weakest Link When It Comes To Security?:

 

 

« Ten Myths About Cybercrime
Cybersecurity Trends For Boards & Directors »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Information Security Research Association (ISRA)

Information Security Research Association (ISRA)

ISRA is a non-profit organization focused on various aspects of Information Security including security research and cyber security awareness activities.

Gurucul

Gurucul

Gurucul predictive security analytics protects against insider threats, account compromise and data exfiltration on-premises and in the cloud.

Versa Networks

Versa Networks

Versa is a software-defined networking vendor providing an end-to-end solution that both simplifies and secures the WAN/branch office network.

IBA Security

IBA Security

IBA Security is a center of competence consolidating the cybersecurity expertise of the IBA Group.

ThreatAware

ThreatAware

Total visibility of your business cybersecurity. Monitoring, management and compliance for your cybersecurity tools, people and processes from one easy to use dashboard.

Careerjet

Careerjet

Careerjet is a leading online job search engine with a large presence worldwide, sourcing millions of job ads from thousands of websites from all over the world in areas including Cybersecurity.

Asia Data Destruction (ADD)

Asia Data Destruction (ADD)

ADD is the leading IT Assets Disposal and Data Destruction Company in Thailand.

Labs/02

Labs/02

Labs/02 is a seed-stage incubator with a mission to advance cutting-edge technology in innovative areas including AI, deep learning, autonomous transportation, and smart cities.

Blu Venture Investors (BVI)

Blu Venture Investors (BVI)

Blu Venture Investors is a venture capital firm that supports early stage companies with a focus on technology in diverse domains including cybersecurity, IoT, defense and homeland security.

Cyber Pathways

Cyber Pathways

Cyber Pathways brings together the next generation of Cyber professionals along with delegates who are looking to cross train and enter the cyber market.

Sharktech

Sharktech

Sharktech designs, develops, and supports advanced DDoS protection and web technologies.

Midwest Cyber Security Alliance (MCSA)

Midwest Cyber Security Alliance (MCSA)

Midwest Cyber Security Alliance is a nonprofit, nonpartisan collaboration of individuals, businesses, government entities, and professionals advocating for more effective cyber security solutions.

Prism Infosec

Prism Infosec

Prism Infosec is an award-winning independent cyber security consultancy, CREST STAR, NCSC CHECK member, CAA ASSURE audit provider and PCI Qualified Security Assessor.

Matrixforce

Matrixforce

Matrixforce is a vetted IT support provider that uses the patented Delta Method of streamlining technology for financial and professional service firms to reduce complexity and avoid risk.

Pionen

Pionen

Pionen are a specialist information security consultancy with excellent people and proven security delivery methodologies at its core.

Resillion

Resillion

Resillion (formerly Eurofins Digital Testing) is a global leader in quality engineering and cyber security services with operations in Europe, US, UK, India and China.