Insider threats: If it can happen to the FBI, it can happen to you

If you’re worried about the risk of insider threats, you’re not alone. They can affect anyone, even the FBI. A federal grand jury has just charged a former intelligence analyst with stealing confidential files from 2004 to 2017. That’s an incredible 13 years of “What are you doing with that pile of classified material?” Even more so, considering the indictment states the defendant did not “…have a ‘need to know’ in most, if not all, of the information contained in those materials”.

There are lots of ways this kind of data collection and retention could go wrong. What happens if the person hoarding the documents decides to sell to the highest bidder? Or even just starts giving them away to specific entities? Could it all be digital? What happens when a random third party compromises the PC / storage the files are located on?

How about a plain old burglary, with unsuspecting thieves swiping an inconspicuous-looking external hard drive?

However you look at it, this is not a great situation for those files to be in.

The safe zone is compromised

Organisations have multiple problems dealing with the issue of insider threats. They feel more comfortable locking down their data from outside entities. Mapping out ways to keep the soft underbelly of the organisation protected from its own employees is more difficult.

This makes sense. It’s frankly overwhelming for many businesses to figure out where to even begin. How many physical security experts do people know? What about social engineers? Hardware lockdown specialists? The IT department should know their way around firewall configuration. However, there may be weak spots in auditing folks with privileged IT access.

Is there someone at a business who has an idea that printer security is even a thing? If not, that could spell trouble.

Anyone can be a security risk

There are many forms of insider threat, which we’ve explored in great detail. They differ greatly, and their motivations can differ considerably from individual to individual. If you’ve never considered the difference between intentional and unintentional insiders, and all the different varieties thereof, then now is a great time to start.

If your approach is simply “a bad person wants to steal my files”, any potential defences likely won’t contain enough nuance to be sufficient in the first place. It’s a big, complicated problem. There are lots of moving parts. It needs the same level of thought and attention given to other areas of business security.

Some additional reading

This FBI insider threat story is quite timely, given how much attention the subject has been receiving recently. Some additional reading for your consideration:

This is hopefully just the splash of light reading material required to get you up to speed on this insidious form of data exfiltration.