In conjunction with National Insider Threat Awareness month, the Defense Department has launched a counter-insider threat program aimed at educating its analysts on how to spot potential threats and suspicious behavior.
“What we are trying to do is tell people if you hear that, if you see that, if you sense that, pay attention to that,” Brad Millick, director of DOD's counter-insider threat program in the Office of the Under Secretary of Defense for Intelligence, said in a report on the Defense Department website. “To prevent damage and avert casualties, we need the workforce's help.”
Noting that some people are hesitant to report on their coworkers or even themselves, Rebecca Morgan, chief of the insider threat division at the Defense Counterintelligence and Security Agency's Center for Development of Security Excellence (CDSE), said counter-insider threat programs, which are meant to deter, detect, and mitigate risk “are most effective when providing proactive intervention to individuals who are struggling with everyday stress.”
That intervention, she said, could prevent either “witting or unwitting threats to the enterprise via unauthorized disclosure, targeting and recruitment by foreign intelligence, acts of workplace violence or other forms of harm to the department and its assets."
Warning signs and troubling behavior may include threatening statements or actions, signs of disgruntlement, ideological challenges or opposition to the mission, circumventing rules or behaviors reflecting ethical flexibility, unauthorized browsing of files and records and external influences like substance abuse or financial problems that impact work.
“Here’s what you need to remember when combating the insider threat: Understand the normal behaviors of everyone that accesses your network. When you know the typical behavior, you can more easily spot anomalies,” said Stephen Moore, chief security strategist at Exabeam, who called it a hard truth “that you can’t always trust your citizens – the employees, third parties and machines operating inside your network.”
Unwitting insiders who open phishing emails are often the starting point for ransomware attacks “which can then wreak havoc on organizations’ critical data and systems, let alone the costs of recovery and possible damage to your brand,” said Caroline Seymour, VP of product marketing, Zerto.
The shortage of IT security professionals can exacerbate the likelihood that an organization will fall victim to an insider threat. “The pace of cybercrime is continuing to grow so the demand is outpacing the supply of security professionals who can help combat the ever-increasing threats. “With the shortage in security, organizations are consistently operating understaffed, and team members don’t have time to be as vigilant as they should be, which could lead to a slip in security,” said Eric Sheridan, chief scientist at WhiteHat Security. “People make the misconception that the people who are the reason for insider attacks are malicious, however, sometimes they are just individuals who are burnt out.”