Insider Threats and Cyber Vigilantes
Attacks Ain't What They Used to Be
We often call it "insider threat," and it typically involves a disgruntled employee who either hacks, steals or sells customer or corporate information for personal gain.
In recent years, the economic downturn fueled insider threat concerns, and most organizations have stepped up efforts to predict, track and catch insider fraud.
But so-called insider threats are not what they used to be, especially in the cyber-realm. Over the last six to 12 months, we've seen a shift, and security experts agree that shift has tipped the scales out of the organization's favor.
Recent cyberattacks - as hacks at Google and computer breaches at the U.S. Senate and the International Monetary Fund prove - are increasingly waged not for personal gain, but for social change. And the attackers are often internal, as well as external.
This new kind of motivation could prove stronger than the drive to hack, steal and cheat for monetary gain - a sentiment that's been echoed by numerous security experts I meet.
Josh Corman, research director of the Enterprise Security Practice at The 451 Group, says cyber-vigilantes like LulzSec and Anonymous, now simply known as Anon, are changing the way Infosec approaches insider threats, or at least they should. [See Breach Avoidance: 4 Tips and LulzSec: Senate, Sony Hackers Profiled.]
"These are people on your workforce: ideological insiders that have access to your information, and they're using it for a cause or to prove a point," Corman says. "This is more like Fight Club than espionage. They do your laundry; they work in the mailroom. This is a whole counter-culture thing."
That counter-culture concern and increasing risks associated with insider threats, whether vigilante or otherwise, came up more than once this past week during the Gartner Security & Risk Management Summit near D.C. I caught up with a number of industry experts while I was there, and you can glean more insight from the host of interviews I conducted. [See Gartner Summit: Focus on Security & Privacy.]
I found some points raised by Julie Bernard of Ernst & Young to be particularly applicable. Bernard says insider threats are often overlooked. Organizations spend more time and money protecting the perimeter, forgetting or neglecting to recognize that wars waged from the inside are often the most damaging. In fact, outside attacks are more often than not linked to insider compromises.
"We see more individuals being targeted, and those targeted attacks are increasing," she says. "Insider threat is equal to outside threat, and tracking behavior and monitoring activity is critical."
Bernard calls it cross-security discipline, and we can expect to see organizations increasingly implementing its practice as threats grow.
Cyberattacks are definitely going to get worse before they get better. They can't be stopped, but understanding how, why and where they are being launched is at least 70 percent of the battle.