The insider threat is real and, in some cases more prevalent than an outside attack.
Along those lines, the DHS National Cybersecurity and Communications Integration Center created a guide to help organizations guard against malicious insider activity.
The guide – “Combating the Insider Threat” – includes an expansive list of behavioral characteristics of insiders that could become a threat to the integrity of networks and information security.
Here’s what to watch out for: Introverts, greed or financial need, compulsive behavior, reduced loyalty, a penchant for minimizing one’s mistakes or faults, intolerance to criticism, moral flexibility, a lack of empathy and a pattern of frustration or disappointment.
Those characteristics likely apply on some level to a large percentage of employees in any organization, so perhaps of greater use is a list of commonsensical indicators for malicious threat activity: Remotely accesses the network while on vacation, sick at odd times; works odd hours without authorization; notable enthusiasm for overtime, weekend or unusual work schedules; unnecessarily copies classified material; alcohol/drug abuse, and shows signs of vulnerability – among others.
An insider threat is a current or former employee, contractor, or other business partner who has or had authorized access to an organization’s network, system, or data and intentionally misused that access to negatively affect the confidentiality, integrity, or availability of the organization’s information or information systems.
Insider threats include sabotage, theft, espionage, fraud, and competitive advantage. They often end up carried out through abusing access rights, theft of materials, and mishandling physical devices.
Insiders do not always act alone and may not be aware they are aiding a threat actor (i.e. the unintentional insider threat).
It is vital that organizations understand normal employee baseline behaviors and also ensure employees understand how they could end up used as leverage for others to obtain information.
Click here to download the Combating Insider Threat guide.