RSA 2013: User habits and behavior can denote a future insider thief
In a Tuesday session at RSA Conference 2013, Patrick Reidy, CISO at the FBI, and Kate Randal, insider threat analyst for the agency, said the risk posed by insiders shouldn't necessarily be considered a security problem.
Randal said that in insider threat scenarios, “the major problem is we trust our threat” and, because of this, management fails to take note of red flags that often precede cyber espionage or theft of intellectual property by staff.
Signals to watch for include major changes in personal relationships, such as a divorce, and signs of high stress caused by an individual's personal life. In addition, employees who have difficulty working well in team settings or who are experiencing financial hardships should be observed.
Reidy said workers who participate in malicious activity usually join their place of employment with no ulterior motives, but could go astray due to the aforementioned pressures.
He also said that the public often labels hackers and insider threat actors as one and the same – though that is rarely the case.
“You are dealing with authorized users doing authorized things,” Reidy said of internal perpetrators. “They don't need to access hacking tools.”
Randal advised that management keep watch over things like who has access to which systems in the workplace, and that senior leaders identify the most important data at their organizations.