Defense Dept. unveils counter-insider threat program

In conjunction with National Insider
Threat Awareness month, the Defense Department has launched a counter-insider
threat program aimed at educating its analysts on how to spot potential threats
and suspicious behavior.

“What we are trying to do is tell
people if you hear that, if you see that, if you sense that, pay attention to
that,” Brad Millick, director of DOD’s counter-insider threat program in the
Office of the Under Secretary of Defense for Intelligence, said in a
report on the Defense Department website. “To prevent damage and avert
casualties, we need the workforce’s help.”

Noting that some people are hesitant
to report on their coworkers or even themselves, Rebecca Morgan, chief of the
insider threat division at the Defense Counterintelligence and Security
Agency’s Center for Development of Security Excellence (CDSE), said
counter-insider threat programs, which are meant to deter, detect, and mitigate
risk “are most effective when providing proactive intervention to individuals
who are struggling with everyday stress.”

That intervention, she said, could
prevent either “witting or unwitting threats to the enterprise via unauthorized
disclosure, targeting and recruitment by foreign intelligence, acts of
workplace violence or other forms of harm to the department and its
assets.”

Warning signs and troubling behavior
may include threatening statements or actions, signs of disgruntlement,
ideological challenges or opposition to the mission, circumventing rules or
behaviors reflecting ethical flexibility, unauthorized browsing of files and
records and external influences like substance abuse or financial problems that
impact work.

“Here’s what you need to remember
when combating the insider threat: Understand the normal behaviors of everyone
that accesses your network. When you know the typical behavior, you can more
easily spot anomalies,” said Stephen
Moore, chief security strategist at Exabeam, who called it a hard
truth “that you can’t always trust your citizens – the employees, third parties
and machines operating inside your network.”

Unwitting insiders who open phishing
emails are often the starting point for ransomware attacks “which can then
wreak havoc on organizations’ critical data and systems, let alone the costs of
recovery and possible damage to your brand,” said Caroline Seymour, VP of product marketing, Zerto.

The shortage of IT security professionals can exacerbate the likelihood that an organization will fall victim to an insider threat.  “The pace of cybercrime is continuing to grow so the demand is outpacing the supply of security professionals who can help combat the ever-increasing threats. “With the shortage in security, organizations are consistently operating understaffed, and team members don’t have time to be as vigilant as they should be, which could lead to a slip in security,” said Eric Sheridan, chief scientist at WhiteHat Security. “People make the misconception that the people who are the reason for insider attacks are malicious, however, sometimes they are just individuals who are burnt out.”

Comments are closed.