It’s true that many of the most damaging data breaches are caused by trusted insiders who make mistakes and fall prey to attackers. There are also plenty of examples of malicious insiders who have caused chaos and driven loss after they decided to go rogue. Last week in Dark Reading, writer Jai Vijayan provided a detailed look at the insider threat and gave readers guidance on how to spot red flags. To create the report, Jai enlisted input from a number of expert sources, including our CEO, Christy Wyatt, who told Jai:
There are many critical behavior red flags that you can look for in order to accurately and quickly pinpoint insider threats. Three of the major red flags we see are data exfiltration, obfuscation, and bypassing security measures.
In addition to the insight Christy provided, Jai pinned down the top 6 ways to spot a rogue insider:
1) Keep an eye on employees and trusted outside users — such as contractors — who attempt to access systems to which they don’t have the rights or have never accessed previously.
2) Watch out for employees or contractors who suddenly gain admin rights or have access to documents outside of their departments or job functions.
3) Look for unusual rates of copying or of files moving between servers or from the corporate network to external systems via cloud services, USB, or personal webmail.
4) Monitor employees demonstrating negative behavior traits. Indicators to look out for include sudden or unusual introversion, compulsive or destructive behavior, passive aggressiveness, a sense of entitlement, and the inability to assume responsibility or take criticism.
5) Watch for insiders trying to cover their tracks. Activities that indicate attempts at obfuscation include the use of Tor browsers, unusual use of encryption software, and incognito and private browsing modes.
6) Keep an eye out for installation of proxies, use of password-cracking apps, copying and pasting sensitive data into seemingly innocuous files, and attempts to disable or tamper with security tools such as DLP.
Read Jai’s full story here: 6 Ways to Tell an Insider Has Gone Rogue
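As an added illustration (not taken from the Dark Reading story and not Dtex code), the first three red flags above can be written as checks over an activity log. The event format, the five-day baseline window and the mean-plus-three-standard-deviations threshold are assumptions, and the events are constructed sample data:

```python
from collections import defaultdict
from statistics import mean, pstdev

BASELINE_DAYS = 5  # assumption: days 1-5 represent each user's normal behaviour

# Constructed sample events: (day, user, action, target, bytes)
EVENTS = [
    (1, "alice", "access", "crm", 0), (1, "alice", "upload", "cloud", 20_000),
    (2, "alice", "access", "crm", 0), (2, "alice", "upload", "cloud", 25_000),
    (3, "alice", "access", "wiki", 0), (3, "alice", "upload", "cloud", 18_000),
    (4, "alice", "upload", "cloud", 22_000), (5, "alice", "upload", "cloud", 21_000),
    (1, "bob", "access", "build", 0), (3, "bob", "upload", "webmail", 5_000),
    (5, "bob", "upload", "webmail", 4_000),
    (6, "alice", "access", "crm", 0), (6, "alice", "upload", "cloud", 23_000),
    (6, "bob", "denied", "hr-db", 0), (7, "bob", "access", "finance", 0),
    (7, "bob", "grant_admin", "finance", 0), (7, "bob", "upload", "usb", 900_000),
]

def detect(events, baseline_days=BASELINE_DAYS, k=3.0):
    """Return sorted (day, user, flag, detail) findings for red flags 1-3."""
    seen = defaultdict(set)                        # user -> systems used in baseline
    daily = defaultdict(lambda: defaultdict(int))  # user -> day -> bytes sent out
    for day, user, action, target, nbytes in events:
        if action == "access" and day <= baseline_days:
            seen[user].add(target)
        if action == "upload":
            daily[user][day] += nbytes
    findings = []
    for day, user, action, target, _ in events:
        if day <= baseline_days:
            continue
        if action == "denied":                     # flag 1: no rights to the system
            findings.append((day, user, "denied-access", target))
        elif action == "access" and target not in seen[user]:
            findings.append((day, user, "first-time-access", target))
        elif action == "grant_admin":              # flag 2: sudden admin rights
            findings.append((day, user, "new-admin-rights", target))
    for user, per_day in daily.items():            # flag 3: unusual transfer volume
        base = [per_day.get(d, 0) for d in range(1, baseline_days + 1)]
        threshold = mean(base) + k * pstdev(base)
        for day, total in per_day.items():
            if day > baseline_days and total > threshold:
                findings.append((day, user, "transfer-spike", total))
    return sorted(findings, key=lambda f: (f[0], f[1], f[2]))

if __name__ == "__main__":
    for finding in detect(EVENTS):
        print(finding)
```

A per-user baseline keeps a steady, slightly higher upload day (alice, day 6) from being flagged while a large one-off transfer to USB (bob, day 7) stands out.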
US Attorney General Calls out Insider Threat, Importance of Privacy
In advance of the 2018 midterm elections, government agencies and security vendors have been busy making announcements about how they are shifting their focus to defending the United States against another fiasco like the one that took place in 2016.
As a sign that it is taking threats to elections seriously, the United States Department of Justice has indicted 12 Russians for hacking the DNC, DCCC and Hillary Clinton Campaign. Last week, the Attorney General released a 144-page report from the department's Cyber Digital Task Force outlining how it intends to respond to digital crimes, including those that jeopardize November 6 outcomes.
In the report, the task force emphasizes multiple times the significance of the insider threat and how it must have the power to prosecute related crimes. It also points out that “privacy” must be considered. According to the report:
Prosecutors should have adequate statutory authority to pursue insiders who abuse their computer access for illicit means. Any such authority should also ensure appropriate consideration and treatment of legitimate privacy-related concerns.
Dtex certainly agrees that insider threats must be detected, mitigated and handled appropriately. We also concur that privacy should be a high priority, especially where trusted insiders and employees are concerned.
More on Privacy
Several weeks back, Dtex became the first user behavior intelligence provider to show the market that it is as committed to insider threat detection as it is to privacy protection. Not only did we announce that the United States Patent and Trademark Office awarded us a patent for our anonymization methodology, we also provided organizations with a Harris Poll survey that gives guidance on how to gain employee support for monitoring operations.
Last week, the human resources industry took notice of the report when Benefits Pro published a feature story about the findings. In “Employees okay with digital monitoring programs, if they’re transparent,” writer Marlene Slatter pointed out:
Key takeaways from the study, says Dtex in the report, indicate that employers can put effective cybersecurity in place that increases visibility and reduces insider threat risk while still respecting employee privacy—and still gain employee support. But employers should also anonymize data, only monitor activities to cut security risks, and not eavesdrop—nor should they review and analyze collected data until after a security threat has been found.
Women in Security
The security industry isn’t showing any signs of switching direction on the issue of diversity. With many organizations and publications picking up the torch, it is becoming more and more apparent that women are playing key roles in the field. In one of the most recent lists of top women in security, Cybersecurity Ventures added Christy Wyatt. Check out the magazine’s list of women to watch and don’t forget to follow @christywyatt on Twitter.