Insider threats are an ongoing challenge for government agencies, which have experienced dozens of such incidents since 1996, according to Carnegie Mellon University. The majority of these security events were fraud-based, but some cases involved sabotage and theft of intellectual property.
That’s why it’s critical for government organizations to take a comprehensive approach to cyber security that includes a mix of solutions and training programs – because even seemingly harmless actions by employees and contractors can put agencies at risk.
Insider Attack Vectors
The classic archetype for the insider threat is a rogue employee who carries out illegal activity for personal gain, but did you know that even a non-malicious staffer can be an insider threat? Carelessness represents one of the biggest insider threat risks. Simple, everyday actions – such as clicking a link in an email or leaving a desktop screen open before heading out to lunch – can allow bad actors access to the network.
Other insider attack vectors may include:
- Non-hostile turned hostile insiders: The Department of Justice (DoJ) last year indicted two Chinese spies who hired insiders to deploy malware.
- Vendor threats: In another DoJ case, a Chinese espionage group was indicted for leveraging the networks of technology companies to gain access to their customers.
- Supply chain threats: Malware can be threaded right through an entire supply chain, as was the case with the NotPetya malware, which was distributed via a software update.
Thus, it’s critical to have a defense-in-depth strategy to secure organizational systems and data.
My recent webinar, Understanding, Combating, and Identifying Insider Threats for Government, offers concrete approaches that government agencies can take to limit risks from insider threats. These recommendations include:
- Education: Education is one of the best ways to prevent insider attacks. That includes training and communications. Organize meetings with departments and teams to walk through the specifics of an insider breach and how best to respond.
- Have a plan: Using insights gained from those educational meetings, develop an incident response plan that lays out the steps necessary for responding to an insider breach. Make sure to test it regularly with tabletop exercises, and always look for areas of improvement.
- Understand workflows: Build strategies that protect employee actions, based on where (e.g., at home, during conferences) and how (e.g., via cellphones, personal devices or software) they access the agency network.
- Deploy the right technologies: Anti-virus is a start, but it can’t always stop an employee from unintentionally downloading malicious software. Once workflows are mapped, consider solutions such as mobile device management, email security, and endpoint security that detect and block threats.
Another key point: Understand that taking security measures is a never-ending process. As the National Insider Threat Task Force points out: “Our collective efforts to address the insider threat require constant evaluation, fresh perspectives, and updated approaches to address current and future risk.”
Every organization needs to assume that a data breach is going to happen. Considering the sensitive data that government agencies are responsible for, everything from personal data to state secrets, it’s critical to be prepared.
Check out the webinar today for additional advice, insider threat examples, and the types of assets and systems that are typically targeted by malicious insiders.