Combatting the Insider Threat
Additionally, DHS should continue to bolster systems that detect the behavioral red flags preceding a malicious cyberattack. Agencies can share information about anomalous behaviors with employees, as employees who work alongside an insider may be in the best position to recognize unusual behavior. DHS currently recognizes a more systematic approach: behavioral methodologies that establish normal use trends (i.e., baselines) of employee cyber activity and evaluate new cyber activity against these trends. When cyber activity deviates from the baseline, this system identifies employees who may be in the process of going rogue.
According to a majority of Federal information technology (IT) professionals, accidental insiders are the greatest IT security threat to their agencies. Lax environments and poor data protection protocols enable employees to accidentally open doors to otherwise secure cyber systems. Online training can emphasize the potential for social media activity to unintentionally leak information, and in-person training helps employees integrate cybersecurity measures into the context of DHS’s larger culture of vigilance. Performing regular audits and effectively managing new-hire background investigations can also reduce the risk of accidental insider threats.
Given the dual identity – malicious and accidental – of the insider threat, successfully combatting this risk demands a nuanced approach that balances the need to enhance cybersecurity with the need to promote information sharing and efficiency among Government personnel.
Insider threats are a serious cybersecurity risk to the Federal Government. According to Verizon’s 2013 Data Breach Investigations Report, insider threats, which can be malicious or accidental, comprise at least 14% of confirmed data breaches. Each type of insider threat requires a unique solution.
Malicious insiders intentionally abuse their privileged access to execute cyberattacks. Currently, the Department of Homeland Security (DHS) restricts employee and contractor access to only the sensitive data required for their roles, which limits the avenues available to malicious insiders. Still, the Government must continue to enhance systems that monitor, review, and roll back unnecessary access. These ongoing reviews should prioritize manager-level personnel, who, according to the 2015 Insider Threat Spotlight Report, are the highest-risk cohort due to the large volumes of sensitive data they can access.