Black Hat: An Insider Take on the Insider Threat
Last Wednesday marked the start of Black Hat 2016, and with it came multiple discussions on the many security and privacy issues that affect the information security community, none more prevalent than the insider threat.
On the first day of Black Hat, Forcepoint Chief Technology Officer Dr. Richard Ford examined the challenge of the insider threat. In a presentation entitled “Inside Out – Viewing Everyone and Everything as Potential Insider Threats,” Dr. Ford noted that part of the challenge of addressing the insider threat may be in the terminology itself. Words influence the way we think. The term “insider threat” suggests that organizations can’t trust their employees, when in fact the aim is to protect them.
Dr. Ford suggested consistently using three distinct categories when classifying an insider threat:
- Accidental Insider: Employees who inadvertently cause harm by clicking on a link or downloading items they believe to be legitimate.
- Reckless Insider: Employees who actively ignore or bypass, without malicious intent, directives from IT on the safe or acceptable use of corporate technology and outside applications.
- Malicious Insider: Employees who intentionally misuse access to confidential intellectual property or company systems for the purpose of theft, sabotage or fraud.
While malicious insiders might more often make the news, they’re not primarily driving the rise in breaches. That’s because while users press the keys, it’s programs that carry out the actions, meaning everything running within a system is a potential insider threat.
Jim Fulton, senior director of Forcepoint marketing, addressed the changing view of the “insider” with visitors to the Forcepoint booth at Black Hat.
“People are beginning to see that this notion of the ‘insider’ isn’t the rogue employee, but is actually anything inside the network, including programs. In fact, if you look at insiders as being anything operating in your network, that greatly simplifies things,” said Fulton.
Fulton also emphasized that what started with the best of intentions, providing defense in depth, has begun to spiral out of control. Adding a separate solution every time attackers change their methods is no longer feasible. A unified approach that addresses a much larger number of attacks while stopping the flood of point products allows organizations to zero in on protecting the thing that really matters: critical data.
Check out the links below for more information on unified content security.
- The Need for Unified Content Security, part one in a 3-part drip white paper series on unified content security.
- Why Unified Security Solutions Are a Necessity. Doug Copley, Deputy CISO; Bob Hansmann, Director of Product Marketing; and Carl Leonard, Principal Security Analyst, explain Unified Content key concepts.