Why we can't stop malicious insiders

Taylor Armerding | June 18, 2013
Snowden case shows that organizations can limit, but not eliminate, the damage done by inside attacks

Security experts have been saying for years that insiders — malicious, careless or simply unaware — are a greater threat to organizations, both public and private, than hackers.

And the world got another illustration in support of that argument last week when the most famous whistleblower of the moment, Edward Snowden, admitted he had leaked top-secret documents about the National Security Agency's (NSA) surveillance — both telephone and online — of American citizens to The Guardian and The Washington Post.

Snowden was technically not an NSA insider. The former CIA technical assistant was working for Booz Allen Hamilton as an infrastructure analyst for the NSA. (Since admitting he was the source of the leaks, he has been fired.) But he had insider privileges, which is essentially all that matters.

And that raises again the question of whether organizations should put more effort into securing themselves internally than into fighting to keep out malicious attackers. But it also raises the question of whether extra effort is even worth it, since neither training nor technology can stop every insider threat.

Snowden said in a video interview with The Guardian that his level of privileges meant that, "I, sitting at my desk, certainly had the authorities to wiretap anyone, from you or your accountant, to a federal judge or even the president, if I had a personal e-mail."

And even if he is extradited from Hong Kong and prosecuted, whatever damage has been done by exposing government secrets isn't going to be undone.

There is no universal agreement on the level of the insider threat, even though the Snowden case has received international attention. According to Verizon's 2013 Data Breach Investigations Report, insiders were responsible for only 14 percent of confirmed data breaches. "Our findings consistently show that external actors rule," the report said.

But other experts say the key word there is "confirmed." Gary McGraw, CTO of Cigital, said he suspects a majority of data breaches are never announced.

"I wouldn't be surprised if they (insider breaches) are understated."

Mike DuBose, a former Justice Department official who led the agency's efforts on trade-secret theft and who is now the head of the cyber investigations unit at the risk-management firm Kroll Advisory Solutions, told Brian Fung of National Journal that, "Amidst all the concern and discussion over foreign hacking, what gets lost is the fact that the vast majority of serious breaches involving trade secrets or other proprietary or classified information are still being committed by insiders."

McGraw noted that the power of insiders is demonstrated by the fact that the goal of hackers is to become insiders.

And the impact of insider breaches is more significant than frequency, said Carson Sweet, CEO of CloudPassage.

