We’ve seen data breaches due to misconfigured databases, technical malfunctions, and a myriad of other causes including accidental disclosure or theft. Data breaches involving personal health information are on the rise, with many of these disclosures the result of an insider threat.
What are insider threats? The CERT Software Engineering Institute recently updated their definition of insider threat to the following:
Insider Threat – the potential for an individual who has or had authorized access to an organization’s assets to use their access, either maliciously or unintentionally, to act in a way that could negatively affect the organization.
Given this updated definition, it’s no surprise that a report from Intel in 2015 shows that 43% of data breaches involved insider threats, a number which has likely grown since then. A 2016 report by Verizon Enterprise highlights that out of 230 incidents involving insiders, 152 involved privilege abuse, meaning that someone authorized to access data for their specific job used that access for reasons other than their job. The report also highlights that while financial motives remain the most common for insider incidents, espionage as a stated motive has grown significantly.
The public sector is also taking a hard look at the best way to combat insider threats, particularly in the past several years with insiders such as Chelsea Manning and Edward Snowden sharing classified information with the world. Insider threats are difficult to detect and deter: agencies must give individuals access to confidential information and privileged systems in order to do their work, and ensuring that workers do not exploit that privilege is quite the challenge. The Defense Information Systems Agency (DISA) is working on a roll-out of a new, comprehensive IT services system for the Department of Defense, and is actively looking for a system to aid in combating insider threats. Other agencies are turning to behavioral analytics and big data in an effort to prevent and detect insider threats.
It’s likely that no single software system or management practice will completely eliminate the risk of an insider threat. Organizations will have to take a holistic approach to security, combining technical and management controls, to prevent insider threat incidents.