Weird Security Term of the Week: "Insider Threat"

The Problem: You have a very upset employee who has been passed over for a number of promotions and pay raises over the past several years. They have been very vocal about their opinions and have generally been creating a hostile atmosphere. Eventually, management has no choice but to terminate their employment with the organization.
Three weeks later, an email is sent out regarding a massive breach of the organization’s electronic systems, followed shortly afterwards by articles in the local media. After an enormous amount of resources is expended in tracing the attack method, it is found that this former employee still had access after they left the organization and was paid handsomely for their credentials by a malicious organization. After the malicious organization received the credentials, they used them to gain access to internal systems and then elevated their privileges through exploits to gain full permissions within the organization.
An “Insider Threat” is one of the most difficult attack vectors to defend against because it comes from inside the perimeter, beyond the protection layer that most organizations rely on to keep the outside out. Good credentials, access to physical locations, and knowledge of the organization’s security posture can be gold to the right malicious organization, whether it is for profit, politics or sport.
The Solution:  “Insider Threats” are difficult to manage, but it can be done through a number of solutions.
Solution the First:  User Education

A common issue is that users don’t understand why certain processes are required.  If users don’t understand something, they are more likely to ignore it.  However, a properly educated user is more aware of why they individually are important in the grand scheme of security, and is more likely to point out issues that could potentially cause problems down the line.
Solution the Second:  User Morale

Just like user education, user morale is a critical security factor. An unhappy user is a dangerous user, and is more likely to try to make a quick buck to mess with the people who are giving them a hard time. Keeping user morale up and thriving, on the other hand, will again make them more likely to feel that they can bring forward potential problems and share what they see.
Solution the Third:  Security Policies

Users will inevitably leave the company, and as such it is vital to be able to show that they no longer have access to company resources. This means more than just canceling their company credit card and asking for the key to the executive washroom. It means contacting third-party vendors whose systems they can access remotely, blocking access to VPN accounts, redirecting email to someone who is going to pick up where they left off, and so on. If a user is educated and sad about leaving the organization, they will be helpful every step of the way. If, on the other hand, they can’t wait to get out the door, it is important for all staff to know what is required of them when a user leaves so that it can be completed as quickly as possible.
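One way to show that departed users no longer have access, as an added example that is not part of the original post: a small audit that cross-checks HR termination records against account exports from each system. The system names, field names and sample records are constructed assumptions; substitute your own exports.

```python
from datetime import date

# Constructed sample data: HR termination records (user -> last working day).
TERMINATED = {
    "jdoe": date(2024, 3, 1),
    "asmith": date(2024, 3, 10),
}

# Constructed per-system account exports (assumed field names).
ACCOUNTS = [
    {"system": "directory", "user": "jdoe", "enabled": False, "last_login": date(2024, 2, 28)},
    {"system": "vpn", "user": "jdoe", "enabled": True, "last_login": date(2024, 3, 20)},
    {"system": "vendor-portal", "user": "JDoe", "enabled": True, "last_login": date(2024, 1, 15)},
    {"system": "mail", "user": "asmith", "enabled": True, "forward_to": "manager",
     "last_login": date(2024, 3, 9)},
    {"system": "vpn", "user": "bwong", "enabled": True, "last_login": date(2024, 3, 21)},
]

def audit_offboarding(terminated, accounts):
    """Return findings for accounts of departed users that still grant access."""
    findings = []
    for acct in accounts:
        user = acct["user"].lower()  # vendor systems often store names in a different case
        left_on = terminated.get(user)
        if left_on is None or not acct["enabled"]:
            continue  # current employee, or account already disabled
        # A mailbox may stay enabled only while it is redirected to a successor.
        if acct["system"] == "mail" and acct.get("forward_to"):
            continue
        last = acct.get("last_login")
        used_after = last is not None and last > left_on
        findings.append({
            "user": user,
            "system": acct["system"],
            "severity": "critical" if used_after else "high",
            "reason": "login after departure" if used_after else "still enabled",
        })
    # Critical findings first, so post-departure use is seen at the top.
    return sorted(findings, key=lambda f: (f["severity"] != "critical", f["user"], f["system"]))

if __name__ == "__main__":
    for f in audit_offboarding(TERMINATED, ACCOUNTS):
        print(f"{f['severity'].upper():8} {f['user']:8} {f['system']:14} {f['reason']}")
```

Run on a schedule, a report like this catches the third-party and VPN accounts that a manual checklist tends to miss.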
Honorable Mention:  2-Factor Authentication

Further Reading:
FBI:  http://www.fbi.gov/about-us/investigate/counterintelligence/the-insider-threat

Battling Insider Threats is no easy task, but if you can keep users on your side and make them feel comfortable enough to share unusual activity that they have seen, it makes the job far less difficult. Security, as always, requires the assistance of everyone at an organization, and keeping users safe and happy is a top priority.

Kurt Ellzey has been involved in Information Security and Technology for the better part of the past 15 years. During that time, he has been published as part of the compilation Security 3.0, the writer for the Ramp with 5 Levels, and a contributor at LIFARS with the Weird Security Term of the Week series. More information about Kurt can be found on LinkedIn or on Twitter.