“Our problems are man-made. Therefore, they may be solved by man. And man can be a big as he wants. No problem of human destiny is beyond man.”
– John F. Kennedy
As we know, Insider Threat affects both the public and private organisations.
Insider threats are one of the biggest security challenges that Government face.
The sheer complexity of Government infrastructure and the critical and sensitive value of the information Government possess makes it easy for a clumsy or a malicious insider to compromise security and potentially cause severe damage.
Some of the most significant insider threat incidents took place within Government.
The CERT Insider Threat Centre (NITC) contains over 1,500 insider threat incidents used as a foundation for their empirical research and analysis.
Overview of Insider Threats within Federal Government
In total, CERT identified 77 non-espionage insider incidents where a Government agency was both the victim organisation and the direct employer. However, there were 34 additional incidents where an insider incident impacted an agency at another organisation.
By and large, these were incidents where a federal government organisation had employed a consultant or contractor.
The number one most observed Insider Threat incident with Federal Government was Fraud, followed by “Other Misuse”.
Insiders have a significant advantage over external attackers. This is because not only they are aware of the organisation policies, procedures and technology, but they are also often aware of the vulnerabilities.
Insider incidents are inevitable, and at some point, your organisation is likely to be compromised.
While this is unfortunate, it is a reality that must be proactively prepared for if your organisation is to withstand such threats.
Remember, there is no silver bullet in preventing insider threats. Having too many security restrictions can impede an organisation mission, and having too few may permit a security breach.
Fraud Snapshot Analysis
Around 61% of incidents impacting federal organisations involved Fraud. It included issues of fraud, waste, and mismanagement of federal funds.
As mentioned, the second most observed Insider Threat incident with Federal Government was “Other Misuse”.
Other Misuse by insiders can be described as those incidents that involve the unauthorised use of organisational devices, networks, and resources that are not better classified as Theft of IP, IT Sabotage, or Fraud.
Examples of Other Misuse include the use of organisational resources for personal benefit (e.g. obtaining access to colleagues' emails without consent or a proper business purpose) or committing another kind of cyber-related crime (e.g. stalking or purchasing drugs), which in turn violate organisational policies.
Insiders committing Fraud in Government tended to be in trusted positions and committed the incident during working hours.
The median financial impact was between $75,712 and $317,551, and three fraud incidents had a financial impact greater than $1 million or more.
Insiders who commit fraud are usually low-level employees who use authorised access during regular business hours to either steal information or modify information for financial gain. Insider fraud crimes are often long and ongoing and are bad news for the actual organisation.
Stolen information is usually Personable Identifiable Information (PII) such as payroll or other sensitive information, which is then sold to outsiders who commit the actual fraud against the organisation.
Perhaps the most notable feature of insider incidents within the Government was how prevalent incidents of Other Misuse. It is most likely that insiders that committed Other Misuse generally did so in furtherance of an additional crime.
Suggested Mitigation Strategies
Are you experiencing an insider threat situation right now and not sure how to address it?
Are you interested in standing up an insider threat program?
If so, here is a simple two-step process for you to follow: