Insider Threat

Prevention, Detection, Mitigation, and Deterrence

Michael G. Gelles

  1. 252 pages
  2. English

About This Book

Insider Threat: Detection, Mitigation, Deterrence and Prevention presents a set of solutions to address the increase in cases of insider threat. This includes espionage, embezzlement, sabotage, fraud, intellectual property theft, and research and development theft from current or former employees. This book outlines a step-by-step path for developing an insider threat program within any organization, focusing on management and employee engagement, as well as ethical, legal, and privacy concerns. In addition, it includes tactics on how to collect, correlate, and visualize potential risk indicators into a seamless system for protecting an organization's critical assets from malicious, complacent, and ignorant insiders. Insider Threat presents robust mitigation strategies that will interrupt the forward motion of a potential insider who intends to do harm to a company or its employees, as well as an understanding of supply chain risk and cyber security, as they relate to insider threat.

  • Offers an ideal resource for executives and managers who want the latest information available on protecting their organization's assets from this growing threat
  • Shows how departments across an entire organization can bring disparate, but related, information together to promote the early identification of insider threats
  • Provides an in-depth explanation of mitigating supply chain risk
  • Outlines progressive approaches to cyber security

Information

Year: 2016
ISBN: 9780128026229

Chapter 1

Introduction – Insider Threat Today

Abstract

Insider threats are a critical risk to organizations. Leaders need to be familiar with these threats and how they can impact their business, including asset loss and a negative impact on brand and reputation.

Keywords

insider threat; virtual; non-virtual; exfiltration

Introduction

The insider threat is not a new phenomenon. Examples of trusted insiders exploiting, sabotaging, and committing acts of violence against those to whom they were outwardly committed are pervasive throughout human history. Recently, the topic of insider threat has received heightened attention as a result of high-profile incidents: Edward Snowden, the leaker of confidential NSA information; Aaron Alexis, the Navy Yard shooter; and many others. These incidents have reminded leaders that threats to their organizations’ most precious assets—physical and information security, financial standing, and mission—may come from within. This phenomenon deserves the attention of leadership in all industries so that organizations are equipped to effectively prevent, detect, and respond to emerging threats.
As many organizations are learning, insider threats can have a significant impact on an organization’s reputation, operations, finances, employee safety, and shareholder confidence. In Government, insider threats can affect national security, public trust, and public safety. The challenge of doing business today is protecting assets in a global and virtual environment with a workforce that is increasingly tech-savvy and ubiquitously connected to information and technology. Although the United States Federal Government has rolled out policies to achieve an enterprise-wide standard for insider threat mitigation capabilities, the private sector has no such mandates or benchmarks.1 It is, therefore, difficult for private organizations to assess where they stand relative to peers and to make decisions regarding their insider threat mitigation capabilities.

Looking Ahead

Financial volatility and interconnected business have amplified risks to both the private and public sectors in today’s changing global environment. A new set of organizational competencies is needed to mitigate insider threats as localized or compartmentalized business relationships have given way to distributed, virtual ones. This shift has forced leaders to manage evolving, networked organizations that need to prevent, detect, and recover from a diverse and growing set of threats in the workplace. If organizations successfully address these risks and treat insider threat mitigation as an organizational priority and a shared responsibility, they will likely adopt a balanced and integrated approach to protecting the organization’s critical assets: its people, facilities, systems, and data.
Although it may not be realistic to expect that every attempted insider attack will be stopped before damage is inflicted, it is realistic to build resiliency into an organization’s infrastructure and develop an early detection capability, thereby minimizing impact. This book takes a risk-based approach to insider threat mitigation that focuses on protecting the organization’s critical assets and defining the collective risk tolerance for assets.

This Book

A team of insider threat experts helped to develop this book to help organizational stakeholders at all levels prepare for and protect their organizations from insider threat. Each chapter addresses different aspects needed to develop a holistic and risk-based insider threat program. This book also provides general information about insider threat mitigation to interested parties in the public, private, and academic sectors. Working with organizations across a broad spectrum of industries to develop holistic insider threat mitigation solutions has allowed the authors to share hands-on knowledge of what is needed to create mature programs. We advocate a holistic approach to insider threat that is two-pronged: engage all programmatic aspects of the organization and address all facets of individuals’ interactions with the organization. This book shares what the authors have learned designing, building, and implementing insider threat programs, including the themes and challenges that organizations commonly experience yet rarely disclose in public forums.
This book covers all aspects of an insider threat program and explores key considerations as well as leading practices. Chapters 1–3 survey how the environment has evolved to impact organizations’ vulnerabilities to insider threats. Chapters 4, 6, 7, and 13 outline the building blocks for an insider threat program, including potential risk indicators, risk appetite, and the establishment of a formal program. Chapters 5 and 8–12 explore specific components of insider threat mitigation, including personnel management, data analytics, information security, technology, cybersecurity, supply chain risk, and employee engagement. Chapter 13 examines the last stage of the insider threat life cycle: what organizations should consider when deciding on how to respond to insider threat incidents. Chapters 10 and 14 discuss matters revolving around workplace violence and privacy—two especially sensitive issues that must be tackled throughout the design, build, and implementation of an insider threat program. Finally, Chapter 15 explores the future of the insider, and what organizations can do to put themselves ahead of the curve.

What is Insider Threat?

Insider attacks take many forms, such as industrial or government-sponsored espionage, workplace violence, fraud, sabotage, or the unauthorized dissemination of trade secrets, intellectual property (IP), or classified information. Organizations face a variety of insider threat challenges—risks posed by employees, contractors, vendors, and business partners who may cause harm.
As a result, the insider threat is often understood differently across disciplines. For example, chief information security officers may view insider threat exclusively through the lens of an employee’s activity on an information system. A chief security officer may view insider threat through the lens of suspicious behavior as an employee interfaces with an organization’s facilities or tangible assets. These fragmented conceptions of what constitutes an insider threat do not account for the holistic and multifaceted nature of how individuals interact with the organizations they work for, or partner with.
For the purposes of this book, insider threat is defined from a holistic and programmatic perspective to encompass the entire enterprise (Figure 1.1). An insider is a person who possesses some combination of knowledge and access that distinguishes his or her relationship with the organization from those of outsiders. An insider can be an employee, contractor, vendor, or, in some cases, a family member of a trusted employee. The insider threat is the potential for an insider to harm an organization by leveraging his or her privileged level of knowledge and/or access. An insider threat is not necessarily driven by malevolent intent: it may also constitute an individual who is complacent or ignorant about security policies and procedures. A lack of training, for example, can foster ignorance or complacency. These dispositions can provide opportunities for others—both insiders and outsiders—to breach physical or virtual security countermeasures. Throughout this book, insider threat drivers will include (1) malicious, (2) complacent, and (3) ignorant.

Figure 1.1 Insider Threat can be Defined Broadly as Organizations will Prioritize Risk in Different Ways Based on Mission and Strategic Objectives.
Organizations often prioritize external threats over insider threats. Attacks by parties with insider knowledge and access are less frequent than attacks by external actors. As a result, organizations often invest less in developing an insider threat mitigation program as part of a risk management strategy. It is important, however, for organizations to understand that insiders can assist an external attacker, sometimes unintentionally. For example, an employee or contractor, either ignorant of or complacent toward organizational policy or security threats, may unwittingly download malware onto the network, giving attackers access to IP, personally identifiable information, or sensitive data, such as customer credit card information.

What Motivates an Insider to Act?

Insider threats exist within every organization because employees, or insiders, comprise the core of an organization’s operational plan and are the key drivers of its business objectives. An insider threat may be an employee who, purely by mistake, is likely to act in a way that results in negative consequences for the organization. Such employees may also conduct themselves in a high-risk manner because their organization lacks defined policies, training, or communication. Unlike ignorant or complacent insiders, malicious insiders act in response to a complex set of problems, conflicts, disputes, or crises, both personal and professional in nature.
Malicious insiders may be motivated by money, revenge, validation, or empowerment. They may possess an exaggerated sense of entitlement. Some may operate as spies for a foreign government or steal critical IP for a competitive entity. Attacks by malicious insiders are seldom impulsive acts. A number of case studies have confirmed this by evaluating the precursors or indicators displayed by the insider before taking action (e.g., declining performance, undue access attempts, negative workplace interactions). Employees wishing to harm a current or former employer, business partner, or client—whether by stealing trade secrets, sabotaging information systems, or by opening fire on colleagues—usually plan their actions. Because this behavioral pattern is subtle, it is often difficult to detect and prevent an insider threat simply by observing an insider’s behavior. This book will examine how to proactively mitigate threats by developing, correlating, and analyzing a set of potential risk indicators (PRIs) as part of the insider threat mitigation program.

Environmental Drivers

A number of environmental factors contribute to the potential for increased exploitation of information, access, and data by a trusted employee. The first is the increased use of technology and digital information systems, due in part to a generational workforce that has grown up with the internet, personal computers, and other data and communication devices. These tools are part of the daily lives of this generation’s members and critical to the way they process information and solve problems. The Internet has also promulgated the expectation of free access to information resources. Combined, these factors lead people to seek solutions that may involve the exploitation of data and critical information, or excessive risk when using organizational resources or handling proprietary information.

“Bricks and Mortar” to “Bits and Bytes”

As technology continues to evolve and many of our daily activities are performed ...
