The Enemy Within: Dealing with Insider Threats

Transcription

1 The Enemy Within: Dealing with Insider Threats

2 PERSONAL FACTORS Greed or Financial Need Anger/Revenge Problems at Work Ideology/Identification Divided Loyalty Ingratiation Compulsive and Destructive Behavior Relationship, Marital, or Family Difficulties

3 TECHNOLOGY INDICATORS Misuse of IT systems or noncompliance with corporate IT policies Accessing information systems or network areas without valid business reason ing sensitive information via internet without encryption Encrypting s sent to private or personal accounts Conducting malicious activity (hacking, password cracking, accessing restricted information) Failure to turn in remote access capability (e.g. secure token) upon termination or extended absence Attempting remote access to networks while on furlough or following termination ORGANIZATIONAL FACTORS Providing access privileges to those who do not need it Undefined policies regarding working from home on projects of a sensitive or proprietary nature The perception that security is lax and the consequences for theft are minimal or non-existent Employees are not trained on how to protect proprietary information

4 BEHAVIORAL INDICATORS Without need or authorization, takes IP or other material home via documents, thumb drives, computer disks, or Inappropriately seeks or obtains IP or sensitive information on subjects not related to their work duties Interest in matters outside the scope of their duties Unnecessarily copies material, especially if it is proprietary or sensitive Remotely accesses the computer network while on vacation, sick leave, or at odd times Disregards company computer policies or installing personal software or hardware Works odd hours without authorization Short trips to foreign countries for unexplained or strange reasons Unexplained affluence Engages in suspicious contacts, such as with competitors, business partners or other unauthorized individuals Overwhelmed by life crises or career disappointments

5 BEST PRACTICES FOR INSIDER THREAT MITIGATION Consider threats from insiders and business partners in enterprise-wide risk assessments Clearly document and consistently enforce policies and controls Incorporate insider threat awareness into periodic security training for all employees Beginning with the hiring process, monitor and respond to suspicious or disruptive behavior Anticipate and manage negative issues in the work environment Know your assets Implement strict password and account management policies and practices Enforce separation of duties and least privilege Define explicit security agreements for any cloud services, especially access restrictions and monitoring capabilities Institute stringent access controls and monitoring policies on privileged users

6 BEST PRACTICES FOR INSIDER THREAT MITIGATION Institutionalize system change controls Use a log correlation engine or security information and event management (SIEM) system to log, monitor, and audit employee actions Monitor and control remote access from all end points, including mobile devices Develop a comprehensive employee termination procedure. Develop a formalized insider threat program Establish a baseline of normal network device behavior Be especially vigilant regarding social media Close the doors to unauthorized data exfiltration

7 YOU CAN MAKE A DIFFERENCE Educate and regularly train employees on security or other protocols Ensure that proprietary information is adequately, if not robustly, protected Use appropriate screening process to select new employees Routinely monitor computer networks for suspicious activity Ensure security (to include computer network security) personnel have the tools they need Remind employees that reporting security concerns is vital to protecting your company s IP, reputation, its financial wellbeing, and its future

8 Carmine Nigro FBI Boston