The fifth annual National Insider Threat Awareness Month (NITAM) is underway. Created to emphasize the importance of detecting, deterring, and reporting Insider Threats, the initiative is a collaborative effort between the National Counterintelligence and Security Center (NCSC), National Insider Threat Task Force (NITTF), Office of the Under Secretary of Defense Intelligence and Security (USD (I&S)), Department of Homeland Security (DHS), and Defense Counterintelligence and Security Agency (DCSA).
The theme of this year’s NITAM is Bystander Engagement, referring to the important role every individual has in the efforts to defend against insider threats. It combines the concept of “see something, say something” with “there’s strength in numbers.”
As the office of the Director of National Intelligence said, “insiders who misuse their authorized to share and publicize classified information continue to cause great harm to our national security and diplomatic relations.” Insider Threat concerns are certainly not limited to government entities or to physical incidents alone, they also pose a serious risk to the private sector.
When it comes to cybersecurity, Insider Threats can cause more damage to enterprises than external threats because they are harder to find. A quick retrospective of Famous Insider Threat breaches from the past decade underscores the risk.
Detecting insider threats requires security specialists to distinguish between acceptable activities and those that put the organization at risk or are outright malicious. Many organizations simply don’t have the systems and solutions in place to identify such threats quickly and precisely. Additionally, traditional security solutions weren’t built to recognize the tactics, techniques, and procedures (TTPs) and indicators of compromise (IoCs) associated with insider threats because an ‘insider’ is someone who already has the necessary privileges to access resources.
Finding Insider Threats requires careful orchestration of multiple factors. Organizations must be able to:
To do that, there are four necessary steps:
While September is National Insider Threat Awareness Month, an effective Insider Threat program requires 24×365 vigilance. Implementing a program that is customized to your organization, provides rich context, and enables collaboration across the business can elevate your organization’s effectiveness.
You can also find plenty of insider threat mitigation resources on the Gurucul insider threat solution page, so spend some time exploring what we have to offer.
Take a moment to review Gurucul’s Insider Threat resources this National Insider Threat Awareness Month: