Insider Threat: Protecting the Enterprise from Sabotage, Spying, and Theft

Organizations tend to think that once they hire an employee or a contractor, that person is now part of a trusted group of people. Although an organization might give an employee additional access that an ordinary person would not have, why should it trust that person? If competitors or similar entities want to cause damage to your organization, steal critical secrets, or put you out of business, they just have to find a job opening, prep someone to ace the interview, and have that person get hired. Depending on your adversary’s objectives and patience, you may never know you’ve been compromised until it is too late.

• Don’t Underestimate Your Opponent -- Most large insider attacks are well-orchestrated conspiracies, often involving your major competitors and, at times, foreign governments.
• Factor in the Real Financial Risk of an Insider Attack -- In the case of one pharmaceutical company, annual losses from one attack were estimated at $350M annually.
• Understand the Key Technologies Used By Insiders -- Methods of attack include steganography, encryption, and information extraction.
• Master the Art of Patience -- The first sign of insider threat is usually the tip of the iceberg; surveillance over time will reveal the entire conspiracy.
• Put the Technology to Work -- Tools include mole detection, profiling, monitoring, anomaly detection, signature analysis, and die pad for data.
• Define an Acceptable Level of Loss -- Why Insider Threat analysis should include anticipation of an acceptable level of loss.
• Implement Successful Screening Techniques for New Hires -- Most organizations do not require background checks. Do you know what tip-offs to look for when hiring?
• "Trust No One, Suspect Everyone" Becomes an Essential Mind-Set -- Detecting and determining the source of insider threats mean entering a state of constructive paranoia.
• Protect Your Most Important Intellectual Property Assets -- Access to strategically important formulas, data, and business plans must be restricted and reviewed regularly.

About the Authors

Dr. Eric Cole is currently chief scientist for Lockheed Martin Information Technology (LMIT), specializing in advanced technology research. Eric is a highly sought-after network security consultant and speaker. Eric has consulted for international banks and Fortune 500 companies. He also has advised Venture Capitalist Firms on what start-ups should be funded. He has in-depth knowledge of network security and has come up with creative ways to secure his clients’ assets. He is the author of several books, including Hackers Beware: Defending Your Network from the Wiley Hacker, Hiding in Plain Sight, and the Network Security Bible. Eric holds several patents and has written numerous magazine and journal articles. Eric worked for the CIA for more than seven years and has created several successful network security practices. Eric is an invited keynote speaker at government and international conferences and has appeared in interviews on CBS News, “60 Minutes,” and CNN.

Sandra Ring is the founder of Pikewerks Corporation, an information security company that specializes in Insider Threat. Previously, Sandra was the deputy director of research for The Sytex Group, Inc. While working at Sytex, Sandra participated in original research of rootkit detection, volatile memory forensics, self-healing, and zero configuration networks. Sandra has worked for the Central Intelligence Agency, operated closely with the National Security Agency, and conducted research at the National Aeronautics and Space Administration’s Langley Research Center. She is an author of Cyber Spying: Tracking Your Family’s (Sometimes) Secret Online Lives (Syngress Publishing), and a contributing author to the Network Security Bible.