It has been almost 2 years since Edward Snowden leaked information on classified NSA programs, and in the wake of that event there are organizations that still fail to invest much effort into building insider threat programs. I believe that organizational decision makers see the Snowden incident as an isolated event that they don’t have to worry about. Even companies faced with a clear risk seem more inclined to deal with external risk, while they ignore the internal problem.
One major problem is that although some security managers may recognize the need for an insider threat program, they may not be able to get funding for one. The dilemma is that the top leaders in organizations, who control the purse strings, view the Snowden leaks as an event that doesn’t pertain to their specific company or industry. Without their support, an insider threat program is doomed before it even begins. However, in reality, almost every organization in existence experiences losses related to insiders, be they lost laptops or employees inadvertently leaking information on the Internet.
When it comes to mitigating the insider threat, the obvious measures you routinely hear about can help prevent data loss within your organization. Measures such as deploying proper access controls and a good auditing process may stop the little losses from occurring. They certainly may have stopped Snowden, if someone was really paying attention.
Organizations need to pay attention to the “little things” that, although small, are huge indications of a potential problem. When I was a special agent, we called these “fraud indicators,” and I would teach contracting officers how to recognize these indicators. As a former fraud investigator, I can state for a fact that in most cases, there were many small incidents that, had they been noticed, may have prevented the major crime from occurring. Here are a few insider threat fraud indicators you should watch for.
• A co-worker asking you, or anyone, for data that they should not access;
• Co-workers asking for access they shouldn’t receive;
• Co-workers attempting to violate their granted access privileges;
• Co-workers asking to bring in, or bringing in, mass storage devices when they are prohibited.
If you are diligent and pay close attention, you just may be able to stop a major insider threat incident from ever occurring.