By Kevin Harris
Driven by technological innovation and rising international uncertainty, today’s intelligence leaders face complex challenges in identifying and addressing insider threats to their organizations. Though not always malicious or intentional, such vulnerabilities can cripple a company’s infrastructure, cause significant monetary loss, compliance difficulties, or broader reputational collapse.
Amidst this confusing landscape marred by inconsistent data and unsure conclusions, public sector officials require unencumbered access to the latest information, tools, and technologies as they prepare their teams for what lies ahead in the publicly available information (PAI) and threat analysis space.
What is an insider threat?
An insider threat is a security risk that originates from within an organization, often from employees, contractors, or partners with authorized access to sensitive information and systems. Insider threats can come in many forms, including intellectual property theft, fraud, sabotage, and data breaches. In order to protect your organization from these threats, it is important to implement a comprehensive insider threat protection program.
Lessons from the Front Lines
An expert panel from GovExec and Babel Street convened recently to discuss key developments, success stories, and best practices, as well as learn what lies ahead in combating insider threats across the public sector. Featured panelists included:
- Patricia Stokes - Senior Federal Executive, Security & Intelligence Community (Ret.)
- Shawn M. Thompson - Senior Manager, Global Insider Risk Services, Google Cloud (Mandiant)
- John Weaver – Chief Strategy Officer, Babel Street
- George Jackson (Moderator) – Executive Producer, GovExec TV
The panel shared a variety of key elements public sector officials need to consider when developing an effective approach to insider threat protection and prevention. In particular, the need to layer in the depth of insights PAI provides as a dedicated component of existing or newly formed programs has emerged as vital in this space.
Insider Threat models have evolved over the years. The old insider threat mindset typically centered around a disgruntled or financially susceptible individual selling information to a foreign entity. This traditional model shifted in more recent times to include individuals who may be more motivated by ideological principles than financial gain.
Today, what panelist Shawn Thompson referred to as “Insider Threat 3.0,” offers yet another shift. In this model, the threat may be more focused on an individual selling access to systems or being solicited to do so by criminal organizations. Such access may be marketed and sold in hard-to-access places such as the deep and dark web.
This latest shift is a part of the reason public and private sector organizations have embraced the “Zero Trust” concept. The panelists each confirmed the critical role PAI plays when it comes to combatting insider threat.
In addition to harnessing the power of open-source intelligence and PAI, here are some best practices for modern insider threat protection:
- Implement a strict access control policy: Ensure that only those employees who require access to sensitive information and systems have it, and that all access is properly monitored and logged.
- Monitor user activity: Keep track of all user activity on your systems, including login attempts, file access, and email usage. This will allow you to detect unusual behavior that may indicate an insider threat.
- Conduct regular security awareness training: Educate employees about the dangers of insider threats and how to identify and report suspicious activity. This will help to create a culture of security within your organization and reduce the risk of accidental data breaches.
- Implement data encryption: Encrypting sensitive data at rest and in transit can prevent unauthorized access in the event of a data breach.
- Utilize modern technology: There are a variety of tools and technologies available to help detect and prevent insider threats, including user behavior analytics, data loss prevention software, and intrusion detection systems.
Protecting your organization from insider threats is critical in today's digital age. By implementing the best practices outlined above and getting ahead of threats before they happen, you can reduce the risk of damage from within and protect your business from the inside out.
To learn more about how Babel Street can help you harness the power of publicly available information to augment your insider threat program, contact us today.