September 2021 is the third annual National Insider Threat Awareness Month, according to the National Counterintelligence and Security Center. This means that we are going to spend much of the month looking at insider threat resources, the sources of insider threats, the best practices for implementing an insider threat program, and the top 10 tips to prevent insider threats – among other topics.
In particular, we’re going to focus on how to detect, mitigate, and deter insider threats in an organization. A good starting point is the official National Insider Threat Awareness Month website of the Office of the Director of National Intelligence, which has a variety of resources for additional reading and taking action on an insider threat program. The goal here is to provide materials to enable organizations to educate their workforces about the insider threat, and to advocate for and promote cultural awareness of the need for everyone to be aware of the threat.
The National Counterintelligence and Security Center (NCSC) has a huge volume of awareness materials including details on insider threat tactics such as social media deception, spear phishing, travel exploits, human targeting, supply chain risk management, and economic espionage. You can download ready-made posters, brochures, and flyers to share within your organizations.
Government Task Force on Insider Threats
Also within the National Counterintelligence and Security Center is the National Insider Threat Task Force (NITTF), a team assigned to develop a Government-wide insider threat program for deterring, detecting, and mitigating insider threats within government agencies. They have put together additional content for National Insider Threat Awareness Month.
In the decade of its existence, the NITTF has delivered advice and instructions to a variety of agencies on how to promote awareness and education of the need to understand and protect against insider threats to data and other computing resources. It periodically releases guidance and information to agencies on how to best promote plans and policies on protecting data from insider threats in specific government agencies.
What, exactly, is an insider threat? Simply, it’s a potential unauthorized access or theft of data from within the organization, rather than from an external source. Whether it involves a disgruntled employee seeking retribution, a worker looking to profit from the sale of proprietary data, or simply someone accessing data for the sake of curiosity, insiders are as important a consideration as any external threat. An external attacker who compromises a user’s account is also considered an insider threat, since that individual now has authorized access to that user’s accounts, data, and applications.
And how do you mitigate insider threats? One of the most important ways is through awareness and education. The vast majority of employees are honest and want to do the right thing. If they are educated in what to look for and how to respond, they can become an important part of your cybersecurity strategy.
To be fair, there may not be any concerns about insider threats; all of your employees may be honest and straightforward. Yet in an enterprise of any size, it’s impossible to see inside the minds and souls of the employees, and know what their motivations and goals are. Designing an effective insider threat program means making people vigilant about protecting enterprise data without accusing anyone.
Part of a Comprehensive Cybersecurity Strategy
Organization-wide awareness of attacks and unauthorized access from inside the building is vitally important to building an effective overall cybersecurity strategy. Understanding the potential insider threats is important for everyone in an enterprise, from security analysts to individual line and staff employees. After all, insiders are already inside the organization, which from their standpoint addresses at least part of the challenge of accessing computing resources.
This doesn’t mean that employees should spy on one another. But it does require that all be cognizant of how to best recognize and protect proprietary data. Often losses come not so much from intent as from neglect – workers staying logged into systems, or sensitive documents being left on a desk overnight. These are the reasons why awareness is a critically important part of a strategy.
There is more to a cybersecurity strategy than promoting awareness and actions against potential insider threats, but such threats are often forgotten as organizations focus on attacks from outside. Taking into account data loss and theft from inside the organization is as important, if not more so. Promoting awareness is only the start of a comprehensive insider threat security program.
Of course, you can also find plenty of insider threat mitigation resources on the Gurucul insider threat solution website, including webinars and whitepapers, so spend some time exploring what we have to offer.
Let’s all leverage National Insider Threat Awareness Month to remind ourselves and our organizations of the importance of being aware and vigilant when it comes to protecting sensitive company information from malicious insiders and account compromise attacks.