The insider threat has been largely ignored and misunderstood, even by some of the top security professionals in the industry. At a security conference, a talk was being given on the insider threat. During the Q&A section I asked, “What do you do if the potential malicious insider is an Admin?” The speaker replied, “Pay them more so they do not become disgruntled.”
Is this the answer? Would this have stopped Bradley Manning, the alleged leaker of 250,000 cables to Wikileaks? Money is not always the motivation. For Bradley Manning, perhaps it was to expose all of these documents. For someone like Robert Hanssen, maybe it was the thrill of not getting caught.
So, how can corporations and government agencies protect themselves? The answer is much more difficult than “pay more money.” There are many great insider threat and data loss prevention software products on the market today. However technology alone will not stop a malicious insider.
Let’s use Bradley Manning as the example. Here is a person that copied 1.6 gigabytes of documents to CD. He did this one disk at a time, erasing a read/writeable CD each time, and then burning a new session. If a technological solution was in place so that each time he burned a CD a pop-up box alerted him that he was being monitored and he had to enter a reason for making the copy, and then this data was sent to a centralized server that was reviewed daily, perhaps this leak could have been avoided. It would have become very suspect, very quickly, that the documents being copied to CD in that volume had no reason to be transferred. In fact, the pop-up box alone may have been enough of a deterrent to Manning to stop what he was doing. The insider threat can be addressed through a combination of policy, process, training, awareness and technology. Today I do not believe that a fool-proof solution exists; however, this industry has made great strides in the past few years. Will there ever be a fool-proof solution to this problem? Not sure, but deterrents can go a long way, just like video cameras in a convenience store. They won’t stop crime altogether, but they will prevent some criminals from making the attempt.
B-Side Track