Incident Response, TDR

2 minutes on: Interviewing for access

Since former Booz Hamilton contractor Edward Snowden came clean as the source of leaked classified documents that revealed the National Security Agency's (NSA) mass secret surveillance program, there's been debate over whether to label him a hero or traitor – or something in between. One category, however, into which he more neatly falls is the insider threat. But he's no ordinary insider who was motivated to steal data after being on the job for a while. To the contrary, Snowden, who said he acted from his conscience to inform the public about the spying program, told the South China Morning Post that he had every intention to purloin the top-secret documents, even before he signed his acceptance letter.

According to a survey of 179 network, security and risk and compliance professionals conducted by AlgoSec, a Boston-based network security firm, two-thirds of respondents believed that insider threats are the greatest risk to security.

While it's no surprise that these kinds of attacks are prevalent and considered serious by security professionals, what may be less prominent on their radar is a Snowden-type: Someone who joins a company with the sole purpose of committing theft or sabotage. It's what Jeffrey Carr, founder and CEO of security firm Taia Global, a McLean, Va.-based security firm, calls the “targeted” insider attack.

“Most organizations don't have the budget to do extensive background checks,” Carr said. “While this isn't a panacea, HR departments should pay close attention to any clues that might reveal a potential problem, share those with the people conducting the interviews, and compare notes on how the candidate addresses them.”

Still, this type of attack is the exception, not the rule, says Randy Trezciak, acting manager of the CERT Insider Threat Center at the Carnegie Mellon University Software Engineering Institute.

For nearly 13 years, his team has collected data and analyzed more than 800 incidents where insiders have harmed organizations. Based on their findings, few incidents were tied to an insider who intended to be hired in order to exploit the organization.

However, Trezciak doesn't think that organizations should rule out the chances of one day encountering such a scenario. “It's certainly within the realm of possibilities that those are threats that organizations should consider,” he said.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.