Combatting the Insider Threat

Combatting the Insider Threat

Combatting the Insider Threat

Additionally, DHS should continue to bolster systems that detect the behavioral red flags preceding a malicious cyberattack. Agencies can share information about anomalous behaviors with employees, as employees who work alongside an insider may be in the best position to recognize unusual behavior. DHS currently recognizes a more systematic approach: behavioral methodologies that establish normal use trends (i.e., baselines) of employee cyber activity and evaluate new cyber activity against these trends. When cyber activity deviates from the baseline, this system identifies employees who may be in the process of going rogue.

According to a majority of Federal information technology (IT) professionals, accidental insiders are the greatest IT security threat to their agencies. Lax environments and poor data protection protocols enable employees to accidentally open doors to otherwise secure cyber systems. Online training can emphasize the potential for social media activity to unintentionally leak information, and in-person training helps employees integrate cybersecurity measures into the context of DHS’s larger culture of vigilance. Performing regular audits and effectively managing new-hire background investigations can also reduce the risk of potential accidental insider threats.

Given the dual identity – malicious and accidental – of the insider threat, successfully combatting this risk demands a nuanced approach that balances the need to enhance cybersecurity with the need to promote information sharing and efficiency among Government personnel.

Insider threats are a serious cybersecurity risk to the Federal Government. According to Verizon’s 2013 Data Breach Investigations Report, insider threats, which can be malicious or accidental, comprise at least 14% of confirmed data breaches. Each type of insider threat requires a unique solution.

Malicious insiders intentionally abuse their privileged access to execute cyberattacks. Currently, the  Department of Homeland Security (DHS) restricts employee and contractor access only to the sensitive data required for their roles to limit avenues for malicious insiders. Still, the Government must continue to enhance systems that monitor, review, and roll back unnecessary access. These ongoing reviews should prioritize manager-level personnel, who, according to the 2015 Insider Threat Spotlight Report, are the highest risk cohort due to the large volumes of sensitive data they can access.

Contributors

Aaron Bishop |

Aaron Bishop is a Senior Associate at Arc Aspicio. A transplant from the environmental consulting sector, Aaron focuses on the intersection of organizational design and human potential. He graduated Magna Cum Laude from the College of William and Mary with a B.S. in English and Environmental Policy.

Top Qualities of Design Thinking Leaders

Top Qualities of Design Thinking Leaders

Design Thinking is on the rise in the business world. Design Thinking leaders focus on creating the best product for their clients and working with the experiences and insight of fellow coworkers. Some of the key characteristics of Design Thinking leaders present themselves in individuals who are open and subject themselves to vulnerability with clients and coworkers. These qualities help leaders to connect and build relationships with others. They also create an open flow of communication that allows for others to better share their knowledge to align with and understand the company's mission.

Think, Key, Speak: Purposeful Communications

Think, Key, Speak: Purposeful Communications

I spent the early years of my career in the United States Navy as a Naval Flight Officer on the E-2C Hawkeye, the Navy’s aircraft carrier-based Airborne Early Warning and Command and Control platform. The various missions of the aircraft demand that aircrew monitor up to ten radio frequencies, and actively speak on three or four of those, at any given moment in flight.

How Can Communities Ready Themselves for a Major Power Grid Event?

How Can Communities Ready Themselves for a Major Power Grid Event?

Communities are often the foundation for an expedited recovery following major events. But how can communities strengthen their response to, for example, a major cyber-attack or natural event, such as an Electronic Magnetic Pulse solar flare? A United States electrical grid failure could destroy a number of the nation’s high voltage transformers causing widespread outages for several weeks, even months. A public health emergency could quickly ensue particularly among the vulnerable as the ripple effects cause significant societal disruption. The Federal Emergency Management Agency’s (FEMA) strategic plan encourages and empowers communities to prepare for the inevitable impacts of future disasters. How can communities prime for major events?

Confessions of a Chief Strategy Officer

Confessions of a Chief Strategy Officer

I’ll admit it, I was a little smug. After more than 20 years in the consulting business helping clients develop, implement, and integrate their strategies, I thought… “how hard could it be to do the same things for my own company – a company of consultants?” I had the commitment of my leadership, a group of talented people, and a plan and resources to grow the company. We had energy and we had a great process and tools to successful. What could go wrong?

Exploring Trends in Strategic Workforce Planning (Attract, Engage, and Retain)

Exploring Trends in Strategic Workforce Planning (Attract, Engage, and Retain)

Federal agencies have been undergoing significant transformation, requiring effective workforce strategies that can assist them in facing increasing challenges. As government leaders look for and implement initiatives to improve performance, Strategic Workforce Planning, (SWP) has become instrumental in assisting organizations to focus on their most important resource: their people

#Innovate Your Heart Out: We See an Innovation Day in Your Future

#Innovate Your Heart Out: We See an Innovation Day in Your Future

Innovation is difficult to harness for organizations of all sizes (Government and private sector alike). Replicating a process to encourage and produce innovation is even more challenging. Innovating in a structured space and time seems counter-intuitive, and begs the question: can thinking outside the box be a structured activity? Arc Aspicio recently held an Innovation Day to answer this question.

A Unified Brand Helps Serve a Complex Mission

A Unified Brand Helps Serve a Complex Mission

The Department of Homeland Security (DHS), created in 2003, undertook the most significant reorganization of federal agencies since the Cold War. It brought together federal, state, local, tribal, and territorial agencies with a focus on securing the U.S. from threats in a collaborative way. DHS pulls together five complex mission areas: preventing terrorism and enhancing security; managing our borders; administering immigration laws; securing cyberspace; and ensuring disaster resilience.