Picture
Posted in Cyber Threats by Derek Smith on January 14, 2015

Insider threats do not seem to get the same press as a breach at Target or Sony, but as the Robert Hanssen and Edward Snowden cases demonstrated, they are equally as important. The following are 5 ways organizations can improve upon their insider threat defenses:

  1. Recognize that insider threats are not hackers.
  2. Often people think of the most dangerous insiders are hackers who are running special technology tools on internal networks. But that simply is not the case. When dealing with the inside threat you are often dealing with users who are authorized to use the system, but are doing so with malicious intent. In fact, most inside attacks do not run hacking tools or escalate their privileges for purposes of espionage. They do simple attacks using the authorization they have. According to the FBI, just less than a quarter of insider incidents tracked on a yearly basis come from accidental insiders. However, the FBI’s insider threat team spends 35 percent of their time dealing with these problems.

  3. Recognize that insider threat is not a technical or cybersecurity issue alone.
  4. Unlike many other issues in cybersecurity, the risk from insider threat is not a technical problem; it is a people-centric problem requiring a people-centric solution. As people are multidimensional, organizations have to take a multidisciplinary approach to solving the insider threat dilemma. This means that responsible parties within an organization must focus their efforts on examining and monitoring internal people and the data that would be at risk. This entails understanding who the people really are from three important informational aspects: cyber, contextual, and psychosocial. The combination of these three things is what’s most powerful about this methodology. Responsible parties must work with their legal and managerial departments to figure out what works best within the limitations of the organizational environment.



  5. A good insider threat program should focus on deterrence, not detection.
  6. Organizations need to come up with powerful tools to stop inside threats before they can do damage within the organization. Such measures as better hiring practices may ferret out potential violators, such as Snowden. Rather than getting wrapped up in prediction or detection, organizations should start first with deterrence. This means creating an environment in which it is really difficult or uncomfortable to commit insider attacks. Additionally, organizations must constantly remind users of the policies in place and that their interaction with data is being monitored.

  7. Detection of insider threats has to use behavioral-based techniques.
  8. The idea behind behavioral-based techniques is to detect insider bad behavior right before a good employee is about to turn bad. This entails observing how employees operate on the network and how they look contextually. By this observation one can build baselines and look for anomalies in employee behavior. It is recommended that a minimum of six months of baseline data is collected prior to attempting any detection analysis.

  9. The science of insider threat detection and deterrence is in its infancy.
  10. The science of insider detection and deterrence is still in its infancy. One of the issues with its slow growth is that much of the existing research just focuses on looking at data from the bad guys. Organizations must really try to push this diagnostic approach of collecting data from and comparing it between a group of known bad and a group of assumed good (insiders) and try to apply that methodology to those three realms (cyber, contextual and psychosocial).

Organizations can try to elicit this information from other avenues: observation, behavioral manifestations, making supervisors more aware of the insider threat problem, and creating an environment where people may be more willing to report some of these things as they see them.


 


Comments

04/24/2015 9:16pm

Total Video Converter helps you convert avi to mp4 with fast speed and high quality.

Reply
05/01/2015 10:43pm

MyBrushes paint for Mac app is the best Mac paint software to paint on Mac infinite canvas and PLAYBACK drawing Paintbrush for Mac.It's good as ms Paint for Mac.

Reply
11/14/2015 1:46am

IObit is the best Speed up Slow Computer, Keep PC, Driver Booster, Uninstaller and Internet.Here you can use IObit promo codes, coupons, offers, deals & discounts. Receive discounts on Advanced System Care Up to 50% off IObit coupon.

Reply

I am so much excited after reading your blog. Your blog is very much innovative and much helpful for any industry as well as for person.

Reply
07/18/2016 10:57pm

wow, great, I was wondering how to cure acne naturally. and found your site by google, learned a lot, now i’m a bit clear. I’ve bookmark your site and also add rss. keep us updated.

Reply
08/02/2016 12:46am

This is a great inspiring post. I am pretty much pleased with your good work. You put really very helpful information. I am looking to reading your next post.

Reply
08/15/2016 10:10pm

I am always searching online for articles that can help me. There is obviously a lot to know about this. I think you made some good points in Features also. Keep working, great job!

Reply
10/04/2016 2:10am

This is very difficult to aware the inside threads because the common man don’t know about inside threads program. Your post is really good for everyone and read this article everyone must aware the inside threads.

Reply
11/08/2016 5:32am

I am glad that you shared this helpful info with us.

Reply
11/09/2016 2:24pm

Everyone is a great master of itself. Controlling innerself is the great power of a common man. If you have your inner calmness. than you can have the outerself in your control.

Reply

Excellent blog post show us and also this blog site is excites more individuals to reviewing that blog. Really this blog site maintaining a distinct and appealing information.Thanks for provide us. Keep it up.

Reply
11/16/2016 3:24am

Very informative post. Excellent sharing.

Reply
11/16/2016 3:38am

Hi man am very happy to see your Great idea work. Thanks you for another great article.

Reply
11/30/2016 4:07am

You are doing very good work, keep posting admin.

Reply
12/06/2016 2:09am

Excellent blog here! Also your site loads up fast.

Reply
12/15/2016 4:05am

Your article perceftly shows what I needed to know, thanks!

Reply
12/19/2016 11:39pm

It is one of the most attractive video game that provides the maximum entertainment at the vast level.

Reply
12/20/2016 7:50am

It is truly a great and helpful piece of info,Excellent blog,Thanks for sharing.

Reply
12/22/2016 3:38am

Thanks for sharing this article,thisis very interesting

Reply

Derek A Smit is a cyber security expert author and speaks regular, not only this he is a business leader. He is a good trainer who trained us in international industry expert.to get its instructions we subscribe this site.

Reply
01/05/2017 10:41pm

Nice Web site, Continue the beneficial work. With thanks!. Super inarfmotive writing; keep it up.

Reply

A best powerful Aiseesoft Blu-ray Player Pro Latest Version player that could play Blu-ray disc, Blu-ray ISO Blu-ray folder, file and common media files and videos.

Reply
01/09/2017 4:02am

Your work is very good and I appreciate you and hopping for some more informative posts.

Reply

It is truly a great and helpful piece of info,Excellent blog,Thanks for sharing.

Reply
01/17/2017 10:26pm

Excellent blog here! Also your site loads up fast.

Reply
01/22/2017 4:24am

I love all the posts, I really enjoyed, I would like more information about this, because it is very nice.Thanks for sharing.

Reply
01/22/2017 5:01am

Very useful article .

Reply
01/22/2017 11:24pm

Excellent article share with us as well as this blog site is thrills even more people to reading that blog.

Reply
01/22/2017 11:25pm

Great post

Reply
01/26/2017 11:24pm

whoah this weblog is excellent i love studying your articles.

Reply
01/29/2017 4:46am

Ron Spann is the substance organizer for driving money related sites that offer obligation solidification counsel and direction. Discover what to search for when applying to an obligation solidification advances benefit.

Reply

This is such a nice great website

Reply
01/30/2017 12:54am

I enjoyed the article.. Thank you so much for sharing the post.

Reply
02/07/2017 1:50am

This is really an informative and awesome blog to see, thanks for sharing such a terrific blog..

Reply
02/11/2017 3:16am

It’s really pleasure to read your post.

Reply

Specialist credits empower you to utilize your value with the end goal of obligation combination. Obligation solidification is the perfect arrangement in the event that you have earlier individual and business obligations.

Reply
02/25/2017 12:29am

Good morning to all and thank you very much for this one site that always presents the information

Reply
04/28/2017 11:30pm

I like viewing web sites which comprehend the price of delivering the excellent useful resource free of charge. I truly adored reading your posting. Thank you!

Reply
05/20/2017 12:56am

It is a fantastic blog its really inspiring and full fill with knowledge, very interestinf content:

Reply
05/23/2017 3:13am

Absolutely fantastic posting, such informative article keep sharing more articles.

Reply

it's a very wonderful blog with many ideas. very useful content. great work

Reply
05/29/2017 11:56pm

Awesome tips! Thanks for sharing.

Reply
06/01/2017 3:23am

it's a very wonderful blog with many ideas. very useful content. great work It’s really pleasure to read your post.

Reply
06/01/2017 3:30am

enjoyed this site a lot. Keep posting article like this.

Reply
06/05/2017 9:39pm

I would like more information about this, because it is very nice.Thanks for sharing.

Reply
06/16/2017 8:11am

This is really an informative and awesome blog to see, thanks for sharing such a terrific blog..

Reply



Leave a Reply

    Author

    I am an expert on cyber security and business leadership with doctoral level training.  I am also an author, speaker and trainer.

    Archives

    April 2015

    Categories

    All
    Cyber Security

    View my profile on LinkedIn