National Insider Threat Awareness Month

September is National Insider Threat Awareness Month! The National Counterintelligence and Security Center (NCSC) and the National Insider Threat Task Force (NITTF) are launching a month long campaign to educate federal employees, private sector stakeholders and other audiences on the importance of safeguarding our nation from insider threats and to share best practices for mitigating those risks. Every organization should take this opportunity to educate themselves on insider threats and assess their preparedness. Are you doing everything you can to ensure your data is protected from malicious or negligent employees?

The Insider Threat Is Real

Insider threats pose serious risks to government and the private sector alike. It’s a growing problem that shows no signs of slowing down. According to the 2019 Insider Threat Report from Cybersecurity Insiders 70% of respondents said insider attacks have become more frequent over the last 12 months, and 60% have experienced one or more insider attacks within the last 12 months.

Organizations have traditionally focused on protecting data from outside threats like hackers, malware and ransomware often overlooking that insiders can pose just as big a threat. After all, they have legitimate access to your company’s most valuable data and assets. The NCSC press release detailed some real-world examples of the serious impact insider threats have had on both government and business alike. Here’s a snapshot of the insider incidents referenced:

Nation-State Espionage

  • A former State Department employee was sentenced to prison for lying about receiving tens of thousands of dollars in gifts from Chinese intelligence agents in exchange for providing them with internal State Department documents.
  • A former U.S. service member and counterintelligence agent was indicted for delivering national defense information to the Iranian government and allegedly helping Iranian hackers target her former U.S. Intelligence Community co-workers and colleagues with cyberattacks.

Cyber Incidents

  • A new report from the Office of Management and Budget found that more than half (16,604) of the 31,107 reported cybersecurity incidents suffered by the federal government in 2018 resulted from email/phishing attacks that federal employees fell for, or from improper use of computer systems by employees with authorized access.
  • A Pakistani national and his co-conspirators paid AT&T insiders more than $1 million in bribes to unlock more than 2 million cell phones by installing malware and unauthorized hardware on AT&T’s computer systems.

Unauthorized Disclosure / Retention of Classified Information

  • A former National Security Agency (NSA) contractor was sentenced to prison for stealing and retaining classified information at his home.
  • In 3 separate incidents former government contractors and an FBI agent provided classified information to news reporters/outlets.

Theft of Intellectual Property (IP)

  • As we blogged about last week, former Google executive Anthony Levandowski was indicted on charges of theft of trade secrets on autonomous vehicles from Google.
  • Former General Electric (GE) employee Xiaoqing Zheng was charged with conspiring to steal GE turbine technologies for China while employed by GE.
  • An individual was charged with theft of trade secrets related to a product worth more than $1 billion from his U.S.-based petroleum company employer.
  • Last October an indictment detailed how Chinese intelligence officers recruited an aerospace company employee to install malware on a company laptop to facilitate cyber intrusions and theft of trade secrets.

Protect your data equally against external and internal threats

While shocking this list represents just a few of the insider incidents that are becoming commonplace in both government and business. Our advice for National Insider Threat Awareness Month knowledge seekers – your data security practices need to protect equally against both external and internal threats.

Collaboration tools have made it easier than ever to give employees access to data to get their job done. However, giving users open access to everything (that includes your administrators) is no longer a viable option. Companies need to limit what trusted users can see and access based on who they are and other important variables, and then control what they can do with sensitive information. This will not only the mitigate risks created by malicious employees, but the more unassuming threat – simple human error.

Resources for Insider Threat Detection and Prevention

For additional guidance on how to safeguard against insider threats, we’ve put together some National Insider Threat Awareness Month resources to help you in your quest to secure your organization from the inside out.