Symantec Government Online User Group


Reducing Insider Threats in a New Administration 

Apr 25, 2017 04:07 PM

From Edward Snowden and Chelsea Manning to every honest employee within an agency, insider threats – whether intentional or not – pose a tremendous risk to government. Look no further than the recent WikiLeaks release of CIA documentation. Although the organization has not identified the source of those documents, it did say that the documents had been “circulated among former U.S. government hackers and contractors in an unauthorized manner, one of whom has provided WikiLeaks with portions of the archive.” This type of information has a tremendous impact on our national security.

Managing insider threats has been a major mission of security professionals for years. President Obama signed an executive order to curb insider threats; the National Counterintelligence and Security Center has a task force focused exclusively on mitigating insider threats; and Congress continually pushes legislation to limit and punish those involved in insider compromise. But a breach caused by an insider is not always the result of malice. In fact, simple negligence by an unknowing employee could cause just as much damage.

Also, consider all the Shadow IT infiltrating government systems. From Box to Dropbox to 4shared, employees are accessing unauthorized applications at will, causing headaches, or should I say migraines, for government IT professionals.

The administration should consider all of these factors as it puts together a strategy for defending against insider threats, and this must be a key part of the administration’s cybersecurity plan.

The best weapon in the fight against insider threats is data loss prevention (DLP), a capability that protects data at rest, in motion and in use. Let’s look at some of the key aspects of DLP and why it is such an effective tool against insider threats.

Securing a BYOD environment. Government has worked to introduce bring your own device (BYOD) programs as a way to incentivize potential employees and simply make the government work more efficiently. Security teams can now manage BYOD policies while securing confidential data. Tools can monitor email being downloaded to a native mail app on employee-owned devices and create an inventory of confidential data being stored on them. These tools provide visibility into mobile data loss risk and quickly pinpoint exposures if mobile devices are lost or stolen.

Gain insight into hidden data. Many agencies encrypt data, which is an excellent practice. DLP can look into those encrypted files stored on agency servers and identify what confidential data is stored. This allows managers to know when valuable data is accidentally leaked or when malicious insiders try to steal valuable intellectual data by encrypting it first in order to avoid detection.

Finding high-risk insiders. Not all users are created equal. Some never access valuable data, while others work with it all the time. How do you find something out of the norm? With risk summary reports, DLP systems combine endpoint and network events by user to help identify abnormal behavior patterns for high-risk individuals. While some data loss comes from well-meaning stakeholders – employees, contractors, etc. – these summaries help show the malicious insiders that pose a significant threat to higher-value data.

Insider threats are one of the most difficult aspects of cybersecurity to prevent, but one that is most likely to hurt a new administration. With the right DLP strategies, though, the government can mitigate these threats before they cause a problem.
