Are You Vulnerable to Insider Threats?
We’ve all read about high-profile insider threats such as Edward Snowden and Harold Martin III, and about the numerous ‘dumps’ posted via WikiLeaks. As part of our managed security practice, small businesses commonly ask us whether this type of threat applies to them. The resounding answer is yes. Small business insider threats are no laughing matter. If your business has any form of trade secret, proprietary process, or a special mix of vendors and suppliers, then someone will be interested in that information.
The most common motivation behind insider threats is simply the monetization of access to information. A close second is political or ideological differences between the insider and the mission or activity of the victim organization. Detecting an insider threat can be very difficult, but there are tools to help with this effort. CIT is partnered with the FBI to help educate about, detect, and report the insider threat risk. We recommend executives watch this video from the FBI Counterintelligence Division and National Counterintelligence Executive, which portrays a real insider threat situation that took place against a small business.
Understanding Small Business Insider Threats:
There are different types of insider threats: Unwitting Accomplice and Willing Participant. The former is the most common type we’ve seen during our Incident Response (IR) engagements. In this case, an external actor uses social engineering to trick or convince an insider to disclose or provide access to information that would not otherwise be available to the outsider. This sometimes takes the form of expert social engineering or long-running email or telephone exchanges, and commonly relies on technical means. Technical exploitation of an insider who is an unwitting accomplice is often done through malicious software (malware), keyloggers, phishing, or browser compromise.
The most damaging and far-reaching type of insider threat is the Willing Participant. This type of attack can go undetected for quite some time, often months and years. Too often the attack isn’t detected until after the perpetrator has left the company. Internal counterintelligence training, policy, separation of duties and access, and a well-exercised internal incident response (IR) plan are all key weapons against this threat.