The insider threat is possibly the greatest threat to our agencies and national security. In part 1 of our article we talked about the malicious insider and the disgruntled IT administrator.
But what about the insider without malintent? According to CERT, “An unintentional insider threat is (1) a current or former employee, contractor, or business partner (2) who has or had authorized access to an organization’s network, system, or data and who, through (3) their action/inaction without malicious intent, (4) negatively affects the confidentiality, integrity, or availability of the organization’s information or information systems.”
There are different kinds of inadvertent threats. Sometimes people just make mistakes: you are overworked, tired, and your mind wanders. These mistakes can compromise your security.
Some actions are inadvertent, like powering up your laptop with Bluetooth on or Wi-Fi open. These actions can indeed inadvertently open a back door to your network. But these inadvertent actions are preventable through training, policy, and awareness.
But sometimes you simply get outsmarted, perhaps through social engineering, where someone malicious gets you to unwittingly divulge a password or security vulnerability.
The problem with unintentional insider threats is that it is not always the insider who causes the damage. When attackers break through the network perimeter, the first thing they do is try to gain control of a privileged account, like “root” for Linux or “Administrator” for Microsoft Windows. These built-in super-user accounts have god-like privileges that allow an attacker to do anything they want. Privileged user management (PUM) provides a means to lock down and protect these special accounts.
Administrators need access to do their work, but a user who has more entitlements than they need poses a security risk. According to Forrester Research, agencies should “[a]dopt a ‘least privilege’ strategy and strictly enforce access control.” With privileged user password management (PUPM), administrators can be given exactly the right amount of entitlements.
When system administrators share passwords, they increase the risk that privileged accounts can be compromised. The bottom line is that administrators simply cannot share passwords. Each administrator needs to log on and perform their work under their own identity!
Unintentional insider threats are human problems that require human solutions. Bad processes, stressful work environments, and poor computer user interfaces all contribute to fatigue and distraction, which lead to mistakes. Eliminating these stressors increases our security.
Left to their own devices people will leave their passwords on their desks, give out their social security number over the phone, and click on dangerous links. You can’t stop stupid, but with good training, education, and awareness, you can go a long way toward slowing it down.
This article was authored by Nate Rushfinn, Principal Enterprise Architect at CA Technologies. You can follow Nate on Twitter @Nate_Rushfinn.