CIA LEAKS: The Growing Era of Insider Threats
The world today is more connected than it has ever been. This of course creates increasing awareness by information security professionals who are always looking for new ways to protect against vulnerabilities in connected devices.
But the real issue here is not that the systems are vulnerable; the bigger issue is that despite the fact that the CIA, NSA and other government organizations have some of the most restricted and compartmented networks in the world, people are still managing to extract the data from the secure environments and distribute them widely. If this is happening on the most restricted networks on the planet, how can regular companies, whose C-suites are not nearly as focused on protecting their data as the CIA is, be safe from leaks?
I imagine that when most people saw the movie Snowden, they thought that it was an accurate description of how he was managing to get data out of the NSA.
Guess what? You’re wrong.
Movies do a great job of romanticizing real events. The truth is, it is highly unlikely that any whistleblower from a classified government agency is extracting data from compartmented networks through the use of removable storage devices. Unless you are a privileged user, it is highly unlikely that you would be able to copy any data onto a USB drive or SD card. So how is it likely happening? Good old-fashioned human couriers, who print the data, throw it in their backpack, and walk out of the building. Individuals like Edward Snowden have demonstrated how easy it is to walk out of a facility with extremely sensitive data and, at the end of the day, still be viewed as a so-called “hero”. Crazy, right? If he can do this, imagine what can be done in a less secure environment. While systems and data are often well protected from outside attacks, insider threats are much harder to identify. Below are a few ways to protect yourself against insider threats:
Purchase a Good UEBA Solution That Fits Your Needs
Avivah Litan from Gartner recently said that UEBA is a dying market. This may be true from a stand-alone product perspective; however, the behavioral analysis provided by UEBA products is needed now more than ever. Products such as Fortscale can help you identify when a user is accessing new servers or new areas of the network, and even printing unusually large amounts of information. This could have been extremely useful to the NSA in protecting against Edward Snowden (that Rubik's cube story is pure nonsense!). Other systems, like RedOwl, provide data lexicon capabilities which allow companies to monitor the language of emails and other data sources in order to thwart suspicious behavior BEFORE a leak occurs. This can be extremely useful in use cases such as insider trading or intellectual property protection.
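As an added illustration (not code from the original post or from any UEBA vendor), the following Python sketch builds per-user baselines from constructed audit events and flags the two behaviors described above: first-time access to a host and print volume far above the user's own norm. Event tuples, host names and thresholds are all assumed for the example.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample audit events (not from any real system):
# (user, action, target, amount). For "print" events amount is a page
# count; for "access" events it is simply 1.
BASELINE = [
    ("alice", "access", "fileserver01", 1), ("alice", "access", "fileserver01", 1),
    ("alice", "print", "printer-2f", 12), ("alice", "print", "printer-2f", 9),
    ("alice", "print", "printer-2f", 15),
    ("bob", "access", "hr-db", 1), ("bob", "print", "printer-3f", 40),
    ("bob", "print", "printer-3f", 35),
]
RECENT = [
    ("alice", "access", "fileserver01", 1),
    ("alice", "access", "hr-db", 1),        # host alice has never touched before
    ("alice", "print", "printer-2f", 400),  # far above her printing baseline
    ("bob", "print", "printer-3f", 42),     # normal volume for bob
]

def build_baseline(events):
    """Per-user set of known hosts and list of historical print page counts."""
    hosts = defaultdict(set)
    pages = defaultdict(list)
    for user, action, target, amount in events:
        if action == "access":
            hosts[user].add(target)
        elif action == "print":
            pages[user].append(amount)
    return hosts, pages

def find_anomalies(baseline, recent, k=3.0, min_pages=100):
    """Flag first-time host access and print jobs k population std devs above
    the user's mean. A print job is flagged only if it also exceeds min_pages,
    so a user with a tiny, very regular history does not alert on small jobs.
    A user with no baseline at all is treated as new to every host."""
    hosts, pages = build_baseline(baseline)
    findings = []
    for user, action, target, amount in recent:
        if action == "access" and target not in hosts[user]:
            findings.append((user, "new_host", target, amount))
        elif action == "print" and pages[user]:
            mu, sigma = mean(pages[user]), pstdev(pages[user])
            if amount > mu + k * sigma and amount >= min_pages:
                findings.append((user, "print_volume", target, amount))
    return findings
```

Real deployments would build the baseline from weeks of log data and tune `k` and `min_pages` per role, but the structure of the check is the same.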
Implement a Strong Data Loss Prevention (DLP) Solution
There are many DLP solutions currently available in the market. It's important to implement one that fits your organization's internal needs. Many solutions offer features such as data discovery, which locates sensitive data and moves it out of unprotected storage. Solutions are also broken down into monitoring vs. prevention, and manual vs. automated remediation, giving security teams with differing levels of resources various options for managing potential data leaks. Many endpoint protection systems also have DLP components which can be easily enabled without the additional purchase of another product.
Protect Your Data in Storage
Implementing data-centric security is also an important part of thwarting insider threats. This can be accomplished by ensuring sensitive data is encrypted and that proper access controls are in place to protect the data from both privileged and unauthorized users. More importantly, security professionals need to know where data is stored in order to properly protect it. This means implementing protection on cloud architectures, backups and disaster recovery locations as well. Products such as VeraCrypt (a TrueCrypt replacement) can help add another layer of security in the ever-growing environment of cloud storage.
In the Information Era, there is nothing scarier than the notion of an insider threat. This is why it is important now more than ever to ensure your data is protected not only against malicious outsiders, but also against that one employee who may just have something to gain from leaking your data. Is your organization prepared for the insider threat?