August 10, 2016

Black Hat: An Insider Take on the Insider Threat

Susan Helmick

Black Hat 2016 began last Wednesday, and with it came multiple discussions of the many security and privacy issues that affect the information security community, none more prevalent than the insider threat.

On the first day of Black Hat, Forcepoint Chief Technology Officer Dr. Richard Ford examined the challenge of the insider threat. In a presentation entitled “Inside Out – Viewing Everyone and Everything as Potential Insider Threats,” Dr. Ford noted that part of the challenge of addressing the insider threat may be in the terminology itself. Words influence the way we think. The term “insider threat” suggests that organizations can’t trust their employees when in fact the aim is to protect them.

Dr. Ford suggested consistently using three distinct categories when classifying an insider threat:

  • Accidental Insider: Employees who inadvertently cause harm by clicking on a link or downloading items they believe to be legitimate.
  • Reckless Insider: Employees who actively ignore or bypass, without malicious intent, directives from IT on the safe or acceptable use of corporate technology and outside applications.
  • Malicious Insider: Employees who intentionally misuse access to confidential intellectual property or company systems for the purpose of theft, sabotage or fraud.

While malicious insiders might make the news more often, they’re not primarily driving the rise in breaches. That’s because while users press the keys, it’s programs that carry out the actions, meaning everything running within a system is a potential insider threat.

Jim Fulton, senior director of Forcepoint marketing, addressed the changing view of the “insider” with visitors to the Forcepoint booth at Black Hat.

“People are beginning to see that this notion of the ‘insider’ isn’t the rogue employee, but is actually anything inside the network, including programs. In fact, if you look at insiders as being anything operating in your network, that greatly simplifies things,” said Fulton.

Fulton also emphasized that what started with the best of intentions, providing defense in depth, has begun to spiral out of control. Adding a separate solution every time attackers change their methods is no longer feasible. A unified approach that addresses a much larger number of attacks while stopping the flood of point products allows organizations to zero in on protecting the thing that really matters: critical data.
