Insider threats can harm a company or a government agency in dozens of ways
The worst insider threats are existential, dangerous enough to literally destroy an organization

The key to maintaining an effective security system is timely detection of security breaches. Widespread use of technology has resulted in massive amounts of data transfer which in turn makes organizations vulnerable to both internal and external threats. Mass shootings, data thefts and other internal breaches of security have cast a spotlight on the issue of insider threats. According to the Security Executive Council, an insider threat is: “Any risk posed by current or formerly trusted individual(s) with access or privileged knowledge; used to damage, deprive, diminish, injure or interrupt organizational stakeholders, assets, critical processes, information, systems or brand reputation. Insider threats include any illegal, prohibited or unauthorized conduct (acts or omissions).”

What Kind Of Harm Do Insider Threats Cause?

Not long ago, a computer programmer working for a Wall Street firm stole 32 megabytes of proprietary computer code with the idea of selling the data to a competing firm. The company discovered the theft through routine network monitoring. The employee was charged and convicted of stealing trade secrets.

This and a number of other examples of the trouble insider threats can cause come from an FBI brochure entitled “The Insider Threat.”

The examples in the brochure mostly relate to thefts of computer files, but experts caution that insider threats go far beyond data theft. For example, they point to Nidal Malik Hasan, the U.S. Army Major who shot and killed 13 people and injured more than 30 others at Fort Hood in Texas in 2009. He worked at Fort Hood as a psychiatrist.

Insider threats can harm a company — or a government agency — in dozens of ways, from stealing proprietary information to injuring or killing people. The worst insider threats are existential— dangerous enough to literally destroy an organization or business.

Experts say that insider threats don’t necessarily match the description of a mass shooter before the act.

Identifying Insider Threats

Experts say that insider threats don’t necessarily match the description of a mass shooter before the act. You’ve heard that description: Someone who has grown withdrawn, moody and disagreeable.

An insider threat secretly plotting to do harm will likely try to hide his or her emotional state from others.

“The FBI lists a number of behavioral indicators that insider threats might display,” says Mike McCall, owner and president of MPM Consulting LLC, a consultancy that helps clients deal with inside threats.

Insider threats might indicate their attention by:

  • Taking proprietary material home without need or authorization.
  • Paying too much attention to matters outside the scope of duties, particularly those of interest to competitors.
  • Accessing the company network remotely while on vacation, sick leave or other unusual times.
  • Disregarding IT security policies by installing personal software or hardware, conducting unauthorized searches or downloading confidential material.
  • Visiting foreign countries for unexplained or odd reasons.

“I’ve asked one of my contacts at the FBI how many of these indicators you would want to see before taking steps,” says McCall. “The answer is three or four.” 

The Security Executive Council advises companies to form cross-functional risk councils to identify risks of concern and to discuss mitigation strategies for the risks

Mitigating Insider Threats

The Security Executive Council advises companies to form cross-functional risk councils to identify risks of concern and to discuss mitigation strategies for the risks. Among the many types of risks these councils evaluate are insider threats.

“Members of the council are drawn from many functions across the corporation that deal with risk” says Kathleen Kotwica, executive vice president and chief knowledge strategist with the Security Executive Council. “That’s important because different departments will focus on different risks or aspects of risks.“

“R&D might be concerned about intellectual property theft, while personnel might be more concerned about workplace violence ,” she adds. “IT will concentrate on cybercrime, permission issues and the misuse of passwords. By creating an umbrella group, you can look at all the risks facing a company, and communicate it up the chain, including insider threats.

If the security department is starting an insider risk mitigation program, revamping an existing insider risk program or reviewing the current program, the Security Industry Council can take them through the steps to identify insider risks, rate those risks on a scale from a minor threat to a major threat, identify potential actors and targets, who in the corporation is responsible for mitigation, and look at the balance between mitigation options and cost.

“From there, we create a scorecard that reflects which insider threat risks are adequately covered and which are not,” says Kotwica. “This can be used to plan appropriate strategies to reduce the gaps identified.”

Share with LinkedIn Share with Twitter Share with Facebook Share with Facebook
Download PDF version Download PDF version

Author profile

Michael Fickes End User Correspondent, SecurityInformed.com

In case you missed it

How Have Security Solutions Failed Our Schools?
How Have Security Solutions Failed Our Schools?

School shootings are a high-profile reminder of the need for the highest levels of security at our schools and education facilities. Increasingly, a remedy to boost the security at schools is to use more technology. However, no technology is a panacea, and ongoing violence and other threats at our schools suggest some level of failure. We asked this week’s Expert Panel Roundtable: How have security solutions failed our schools and what is the solution?

Why Visualization Platforms Are Vital For An Effective Security Operation Center (SOC)
Why Visualization Platforms Are Vital For An Effective Security Operation Center (SOC)

Display solutions play a key role in SOCs in providing the screens needed for individuals and teams to visualize and share the multiple data sources needed in an SOC today. Security Operation Center (SOC) Every SOC has multiple sources and inputs, both physical and virtual, all of which provide numerous data points to operators, in order to provide the highest levels of physical and cyber security, including surveillance camera feeds, access control and alarm systems for physical security, as well as dashboards and web apps for cyber security applications. Today’s advancements in technology and computing power not only have increasingly made security systems much more scalable, by adding hundreds, if not thousands, of more data points to an SOC, but the rate at which the data comes in has significantly increased as well. Accurate monitoring and surveillance This has made monitoring and surveillance much more accurate and effective, but also more challenging for operators, as they can’t realistically monitor the hundreds, even thousands of cameras, dashboards, calls, etc. in a reactive manner. Lacking situational awareness is often one of the primary factors in poor decision making In order for operators in SOC’s to be able to mitigate incidents in a less reactive way and take meaningful action, streamlined actionable data is needed. This is what will ensure operators in SOC truly have situational awareness. Situational awareness is a key foundation of effective decision making. In its simplest form, ‘It is knowing what is going on’. Lacking situational awareness is often one of the primary factors in poor decision making and in accidents attributed to human error. Achieving ‘true’ situational awareness Situational awareness isn’t just what has already happened, but what is likely to happen next and to achieve ‘true’ situational awareness, a combination of actionable data and the ability to deliver that information or data to the right people, at the right time. This is where visualization platforms (known as visual networking platforms) that provide both the situational real estate, as well as support for computer vision and AI, can help SOCs achieve true situational awareness Role of computer vision and AI technologies Proactive situational awareness is when the data coming into the SOC is analyzed in real time and then, brought forward to operators who are decision makers and key stakeholders in near real time for actionable visualization. Computer vision is a field of Artificial Intelligence that trains computers to interpret and understand digital images and videos. It is a way to automate tasks that the human visual system can also carry out, the automatic extraction, analysis and understanding of useful information from a single image or a sequence of images. There are numerous potential value adds that computer vision can provide to operation centers of different kinds. Here are some examples: Face Recognition: Face detection algorithms can be applied to filter and identify an individual. Biometric Systems: AI can be applied to biometric descriptions such as fingerprint, iris, and face matching. Surveillance: Computer vision supports IoT cameras used to monitor activities and movements of just about any kind that might be related to security and safety, whether that's on the job safety or physical security. Smart Cities: AI and computer vision can be used to improve mobility through quantitative, objective and automated management of resource use (car parks, roads, public squares, etc.) based on the analysis of CCTV data. Event Recognition: Improve the visualization and the decision-making process of human operators or existing video surveillance solutions, by integrating real-time video data analysis algorithms to understand the content of the filmed scene and to extract the relevant information from it. Monitoring: Responding to specific tasks in terms of continuous monitoring and surveillance in many different application frameworks: improved management of logistics in storage warehouses, counting of people during event gatherings, monitoring of subway stations, coastal areas, etc. Computer Vision applications When considering a Computer Vision application, it’s important to ensure that the rest of the infrastructure in the Operation Center, for example the solution that drives the displays and video walls, will connect and work well with the computer vision application. The best way to do this of course is to use a software-driven approach to displaying information and data, rather than a traditional AV hardware approach, which may present incompatibilities. Software-defined and open technology solutions Software-defined and open technology solutions provide a wider support for any type of application the SOC may need Software-defined and open technology solutions provide a wider support for any type of application the SOC may need, including computer vision. In the modern world, with everything going digital, all security services and applications have become networked, and as such, they belong to IT. AV applications and services have increasingly become an integral part of an organization’s IT infrastructure. Software-defined approach to AV IT teams responsible for data protection are more in favor of a software-defined approach to AV that allow virtualised, open technologies as opposed to traditional hardware-based solutions. Software’s flexibility allows for more efficient refreshment cycles, expansions and upgrades. The rise of AV-over-IP technologies have enabled IT teams in SOC’s to effectively integrate AV solutions into their existing stack, greatly reducing overhead costs, when it comes to technology investments, staff training, maintenance, and even physical infrastructure. AV-over-IP software platforms Moreover, with AV-over-IP, software-defined AV platforms, IT teams can more easily integrate AI and Computer Vision applications within the SOC, and have better control of the data coming in, while achieving true situational awareness. Situational awareness is all about actionable data delivered to the right people, at the right time, in order to address security incidents and challenges. Situational awareness is all about actionable data delivered to the right people Often, the people who need to know about security risks or breaches are not physically present in the operation centers, so having the data and information locked up within the four walls of the SOC does not provide true situational awareness. hyper-scalable visual platforms Instead there is a need to be able to deliver the video stream, the dashboard of the data and information to any screen anywhere, at any time — including desktops, tablets phones — for the right people to see, whether that is an executive in a different office or working from home, or security guards walking the halls or streets. New technologies are continuing to extend the reach and the benefits of security operation centers. However, interoperability plays a key role in bringing together AI, machine learning and computer vision technologies, in order to ensure data is turned into actionable data, which is delivered to the right people to provide ‘true’ situational awareness. Software-defined, AV-over-IP platforms are the perfect medium to facilitate this for any organizations with physical and cyber security needs.

Securing Mobile Vehicles: The Cloud and Solving Transportation Industry Challenges
Securing Mobile Vehicles: The Cloud and Solving Transportation Industry Challenges

Securing Intelligent Transportation Systems (ITS) in the transportation industry is multi-faceted for a multitude of reasons. Pressures build for transit industry players to modernise their security systems, while also mitigating the vulnerabilities, risks, and growth-restrictions associated with proprietary as well as integrated solutions. There are the usual physical security obstacles when it comes to increasingly integrated solutions and retrofitting updated technologies into legacy systems. Starting with edge devices like cameras and intelligent sensors acquiring video, analytics and beyond, these edge devices are now found in almost all public transportation like buses, trains, subways, airplanes, cruise lines, and so much more. You can even find them in the world’s last manually operated cable car systems in San Francisco. The next layer to consider is the infrastructure and networks that support these edge devices and connect them to centralized monitoring stations or a VMS. Without this layer, all efforts at the edge or stations are in vain as you lose the connection between the two. And the final layer to consider when building a comprehensive transit solution is the software, recording devices, or viewing stations themselves that capture and report the video. The challenge of mobility However, the transportation industry in particular has a very unique challenge that many others do not – mobility. As other industries become more connected and integrated, they don’t usually have to consider going in and out or bouncing between networks as edge devices physically move. Obviously in the nature of transportation, this is key. Have you ever had a bad experience with your cellular, broadband or Wi-Fi at your home or office? You are not alone. The transportation industry in particular has a very unique challenge that many others do not – mobility Can you trust these same environments to record your surveillance video to the Cloud without losing any frames, non-stop 24 hours a day, 7 days a week, 365 days a year? To add to the complexity – how do you not only provide a reliable and secure solution when it’s mobile, traveling at varying speeds, and can be in/out of coverage using various wireless technologies? Waiting to upload video from a transport vehicle when it comes into port, the station, or any centralized location is a reactive approach that simply will not do any longer. Transit operations require a more proactive approach today and the ability to constantly know what is going on at any given time on their mobile vehicles, and escalate that information to headquarters, authorities, or law enforcement if needed; which can only occur with real-time monitoring. This is the ultimate question when it comes to collecting, analyzing, and sharing data from mobile vehicles – how to get the video from public transportation vehicles alike to headquarters in real time! Managing video data In order to answer this question, let’s get back to basics. The management and nature of video data differs greatly from conventional (IT) data. Not only is video conducted of large frames, but there are specific and important relationships among the frames and the timing between them. This relationship can easily get lost in translation if not handled properly. This is why it’s critical to consider the proper way to transmit large frames while under unstable or variable networks. The Internet and its protocols were designed more than two decades ago and purposed for conventional data. Although the Internet itself has not changed, today’s network environments run a lot faster, expand to further ranges, and support a variety of different types of data. Because the internet is more reliable and affordable than in the past some might think it can handle anything. However, it is good for data, but not for video. This combination makes it the perfect time to convert video recording to the Cloud! Video transmission protocol One of the main issues with today’s technology is the degradation of video quality when transmitting video over the Internet. ITS are in dire need for reliable transmission of real-time video recording. To address this need a radical, yet proven, video transmission protocol has recently been introduced to the market. It uses AI technology and to adapt to different environments in order to always deliver high quality, complete video frames. This protocol, when equipped with encryption and authentication, enables video to be transmitted reliably and securely over the Internet in a cloud environment. One of the main issues with today’s technology is the degradation of video quality when transmitting video over the Internet Finally, transportation industry has a video recording Cloud solution that is designed for (massive) video that can handle networks that might be experiencing high error rate. Such a protocol will not only answer the current challenges of the transportation industry, but also make the previously risky Cloud environment safe for even the most reserved environments and entities. With revolutionary transmission protocols, the time is now to consider adopting private Cloud for your transportation operations.