Intentional Insider: Is the Threat from Leakers Still Valid?
Data leaks are nothing new, and the UK’s Information Commissioner’s Office (ICO) began issuing financial penalties in earnest for such incidents in 2010. At the time, one of the major headlines surrounding data leaks related to the release of diplomatic cables by WikiLeaks.
Whilst the first ICO fines were issued in November 2010, WikiLeaks’ Julian Assange was negotiating with press outlets and newspapers to publish details of the cables in a redacted form, thereby removing the names of sources and others in vulnerable positions. This saw the release of previously private communications related not just to politicians, but to companies too.
This was even more apparent with the Panama Papers from 2016 and the Paradise Papers from 2017, which were taken by those seeking to liberate information.
Data Leaks, a Valid Threat?
Data leaks of this scale have not made the headlines in the same way for some years, but the threat could still be valid.
Lisa Forte, partner at Red Goat Cyber Security, admitted that insider threat attacks of this scale are rare, but “in the last three years we have seen a huge increase in insider threat attacks around the world. In particular, they are seen more in organizations that operate in new economy markets or in industries that generate a lot of R&D or IP,” she said.
Some CISOs, speaking on background, have mentioned that they are more focused on insider threat and data loss than systems being down.
Peter Gooch, a partner within Deloitte's Cyber Risk Services, said insider threat is a concern “on different levels, as we think of nation-state sponsored attackers, organized crime and even script kiddies, and they all have different levels of determination.”
Gooch explained that the definition of an insider threat is “different for different organizations and there will be a real fear of activists and disgruntled employees who will showcase what is happening in organizations.”
No one wants their internal actions to be revealed, Gooch admitted, and whilst he acknowledged he cannot imagine any company harboring anything that is illegal, no company wants their activities to be disclosed, whether legal or illegal.
“Think of the socio-economic climate, and the perception and damage a leak can cause,” he said.
The coverage of these incidents increased the conversation on the insider threat. Forte noted that perpetrators are stealing with intent but not necessarily with malice.
“The correct term is ‘intentional insider’,” she explained.
This type of intentional insider is difficult to detect, and it is hard to determine who they are and what sort of actions they could take. Gooch noted that in challenging business and economic environments, there may be an increase in the number of disgruntled employees, and they could be a weak link.
“There are disaffected employees who either deliberately want to cause grief to an organization or steal data to sell it or take it to another job,” he explained.
The impact of WikiLeaks and the Panama Papers was felt for a prolonged period due to the slow release of the documents, and the media response to the continual feed of new details.
Asked if she felt businesses consider these high-profile incidents in their risk profile, Forte said she is finding a lot of clients in the US do, but companies within the UK and Europe “are behind on this but slowly realizing.”
Protecting Your Business
When asked what businesses can do to protect themselves against such an incident, Forte said the issue is that insider threats are notoriously difficult to handle, as it’s “often difficult to sell an insider threat program into the business” even in the preventative stage.
“Organizations should have playbooks specifically for insider threats so that they know how their crisis management teams would handle a big noisy incident should it occur. The development of those playbooks can feed into the awareness raising element of designing an insider threat program too,” she explained.
Gooch recommended that businesses be aware of the actions which can make them a target, be proactive, and make sure their intellectual property is protected and confidential information cannot be leaked.
“Companies should make sure they have their prized information and know how well controlled it is, what measures are in place to stop gigabytes being taken out,” he said.
The incidents highlighted earlier in this article would have been especially hard to prevent, as it is impossible to determine whether those responsible would have been detected as intentional insiders before striking.
Forte noted that the triggers for theft, fraud and sabotage are all slightly different, but they have one thing in common – they have a dissatisfied employee at their core.
This is a reason why Forte is such a strong advocate for employee assistance programs.
“They are great to help your employees deal with all manner of issues and it enables companies to throw their employees a lifejacket before someone else, someone potentially nefarious, does,” she explains.
In addition to employee assistance programs, she also recommended looking at including “decent whistleblowing programs, monitoring of people after they have handed in their notice, good management who can spot and refer employees to assistance programs who may need help, tighter controls on access and implementing things like need to know, enforced holidays, multiple checks and internal audits” as options to deal with this issue.
The threat of the intentional insider is persistent and one which is a concern for major businesses. While a large data leak has not happened for some time, it doesn’t mean the threat has gone away.