The insider threat has been a challenge that government agencies have had to contend with since well before the days of Edward Snowden. While the fed has made significant strides in addressing the threat, there is still work to be done.
Last week, we reported on the release of the National Insider Threat Task Force (NITTF) “Insider Threat Program Maturity Framework.” According to the NITTF, the framework is “designed to help executive branch departments and agencies’ insider threat programs advance beyond the Minimum Standards to become more proactive, comprehensive, and better postured to deter, detect, and mitigate insider threat risk.” As the news gained notice across the security and government communities, several sources tapped expertise out of Dtex to help make better sense of it.
The most recent piece providing a comprehensive view of the subject came out of the Federal News Network. In, “Agencies made ‘significant progress’ on insider threat, but space is constantly evolving, ODNI says,” Nicole Ogrysco described the framework in detail and pointed out how more guidance on technology layers may be a needed but missing element. Wrote Nicole:
Though the intelligence community has more mature insider threat programs, most agencies are still grappling with the task of installing and advancing user monitoring systems, David Wilcox, vice president of federal business development for Dtex, said in an interview. Dtex provides insider threat technology to some federal agencies.
The framework perhaps focuses more intently on the human elements of insider threat over best, innovative IT practices agencies might consider to gather, monitor and analyze large swaths of personnel data.
It doesn’t detail how agencies might leverage emerging technologies, such as advanced data techniques, data tagging, artificial intelligence and robotics processing, to advance insider threat monitoring programs, Wilcox said.
“That’s something that might be missing from the framework,” he said. “It doesn’t call specifically for an innovation and a technology maturity plan.”
With deep inroads into the federal market, Dtex will continue to monitor and report on the framework’s evolution.
Phishing: The Underestimated Insider Threat
The market doesn’t always connect the dots between phishing and the insider threat. This doesn’t change that fact that phishing sits squarely in the “negligent insider” bucket, which is a class of insider threat created by vulnerable, defenseless and sometimes careless humans. As a primary attack vector, we hear about phishing-based attacks and compromises on a regular basis. It’s a bit of a wonder though, why many IT security professionals underestimate phishing risks.
According to Kacy Zurkus of InfoSecurity Magazine, a new report by SlashNet revealed that “the vast majority of IT security pros fail to understand the actual risks of short-lived but dangerous phishing attacks on the web.” In “Most IT Security Pros Underestimate Phishing Risks,” Kacy wrote:
Conducted over a five day period, a query of 300 IT security decision makers in midsized firms in the US found that 95% of respondents underestimate threats from phishing, revealing a lack of understanding and gaps in protection against modern, fast-moving phishing attacks.
According to the SlashNext 2018 Phishing Survey, most companies do not have adequate defenses against phishing threats on the web, a growing threat that many security pros fail to fully understand. Modern phishing tactics are commonly used to breach networks, a reality that only 5% of survey participants recognize, the report found.
In the annual Dtex Insider Threat Intelligence Report, we found that phishing-based insider threats are pervasive. According to assessments we ran to compile the report:
One of the most common ways that infiltrators get into an organization is through phishing attempts. Most frequently, these phishing attempts enter the organization through personal email accounts.
Let’s hope organizations start to take this insider-driven risk more seriously moving forward.