In the past two years, insider threat incidents have increased by more than 40%—a concerning figure considering remediation costs millions of dollars. Such threats present a real and growing risk, regardless of whether they arise due to malicious actions or negligent ones. Is your organization protected?
Forcepoint's To The Point Cybersecurity
Last month, in honor of Insider Threat Awareness Month, To The Point Cybersecurity podcast featured cybersecurity experts who spoke directly to this issue. They covered everything from defining insider threats to offering insight on how to spot early warning signs.
If your organization is looking to better protect itself from insider threats, we invite you to listen to these episodes, or better yet, subscribe to the podcast.
Bill Evanina joined the podcast for a deep dive on insider threats. As an FBI veteran with over two decades of experience, Evanina offered unique insights into insider threat detection and prevention. He previously served as director of the National Counterintelligence and Security Center in the Office of the Director of National Intelligence, before starting his own cybersecurity company called the Evanina Group.
Throughout the conversation, Evanina described how an emphasis on mitigation has overshadowed a robust conversation about what actually constitutes an insider threat. In simplest terms, an insider threat is a human being who comes to your workplace and does something to harm themselves or others. That might mean planning and executing economic espionage, but it may also mean physical harm.
To keep everyone safe, Evanina shares that organizations must be able to identify early warning signs. Using behavioral analytics to track logins and keystrokes, with an eye towards anomalous and dangerous behavior, is important for protecting against insider threats. But so is finding a way to understand the state of mind of employees. This is particularly true in the current age of remote work, as managers don’t have the physical proximity to know if an employee is coming to work later or looking more disheveled than usual.
Stressors—like being passed over for a promotion, filing for bankruptcy, or police contact—are often precursors to harmful behavior. Detection is prevention, Evanina explained. To detect potential threats, governments need to have an automated and centralized system that can identify red flags. There must be communication between supervisors, HR, and security for this to happen. Additionally, a senior leader needs to own the program and be willing to train every manager on its policies. While there are legal hoops to jump through regarding continuous monitoring, the protection is worth it.
Maria Bada, Ph.D. is a lecturer in cyberpsychology at Queen Mary University in London and a RISCS fellow in cybercrime. During the episode, she echoed Evanina’s emphasis on stressors as a precursor to dangerous behavior, adding that people are often disinhibited online because of the distanced, anonymous nature of technology.
Having an open cybersecurity culture is important to combatting insider threats, Dr. Bada said. When employees can build deep relationships and feel comfortable expressing their frustrations, they are less likely to become insider risks. Academic research around the personalities of insider threats has suggested they tend to lack social skills or be socially naïve, which puts them in situations where they can be easily manipulated.
A culture of trust and openness is also important for monitoring. An authoritarian approach is tempting given the risks that accompany a data breach, but employees don’t tend to respond well to fearmongering. Instead, organizations should focus on building a culture that emphasizes communication. Then, employees will understand that the goal of all monitoring is to keep everyone safe. They will also be more willing to come forward and admit they may have made a mistake.
For more insight on insider threats, check out the full episodes. And to stay on top of all kinds of cybersecurity trends, tune into new episodes every Tuesday on Forcepoint.com or wherever you get your podcasts via the links below: