Incident Response, TDR

Catching up to the insider

The Snowden leaks brought attention to the insider threat. After all, if it happened to the National Security Agency it could happen to any other enterprise. But after a year of leaks from this exemplary case, have effective changes been instituted to protect organizations from other Snowdens or negligent employees? 

A recent survey by the Ponemon Institute, “Privileged User Abuse & The Insider Threat,” commissioned by Raytheon, polled 693 IT professionals with privileged access to their organization's network. Eighty-eight percent indicated that enhanced security was a top priority. However, only 40 percent indicated they have a dedicated budget to reduce the insider threat. 

There's no denying that the risk posed by a malicious or negligent insider could have a profound effect on an organization's bottom line. In the “2014 U.S. State of Cybercrime Survey,” conducted by Carnegie Mellon's CERT Insider Threat Center, of the 557 respondents, 37 percent indicated that they had experienced an insider incident and 32 percent indicated that the damage caused by the attacks had a bigger impact than those by outsider attacks. 

While these and other recent studies indicate that the level of awareness has increased, Larry Ponemon, founder of the Ponemon Institute, believes that there still isn't enough. “There's not a lot of training on helping people to understand or to raise the level of sensitivity about their environment,” Ponemon says. 

Even though there are advanced technologies that can help organizations conduct more vigorous monitoring of its environment and privileged users, Ponemon believes that the insider threat is still undermanaged. 

“A lot of organizations say they have control over it, but they really don't,” he says. 

Further, although technical controls do help, Tom Cross, director of security research at Lancope, believes that the insider threat is not a technical problem the IT department alone can solve. He believes the issue should be addressed by various departments within an organization including management, human resources and legal. 

“Often, insider incidents happen because of a breakdown in the relationship between the organization and an employee,” he says. “IT has the resources to investigate a concern about an employee, but often, the employee's manager is in the best position to determine if there is a cause for concern in the first place.”

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.