Government Technology Insider

Are Insider Threats Really the Most Lethal Threat to National Cyber Security?

by Nate Rushfinn Crocker
October 24, 2016

“The most lethal threat is from inside the agency” – Joseph Kinder, retired US Cyber Command

In July 2016, the Digital Guardian asked 77 security experts the question: “Insider vs. outsider data security: which is the greater threat?” Overwhelmingly the response was—insider. Many rationalized that external threat actors must use tools to infiltrate impenetrable barriers, while insiders simply had to copy the data and abscond with it.

Just because something might be true doesn’t mean it is. In fact, more than 90% of insiders are loyal, hard-working, conscientious employees who do NOT steal agency data. Data from the ID Theft Center confirms that over nine years, insider theft remains at a median of 11.7%.

[Figure: ncsam-graph. Source: ID Theft Center]

Every year, across multiple vendor-sponsored opinion surveys, 70% or more of respondents state that they believe insider threat is the greatest security threat. Here we have a clear example of cognitive bias. People tend to overweight the perceived risk of things they find scarier. For example, most people are more afraid of dying in a plane crash than they are of a heart attack. Yet the probability of dying in a plane crash is 1:5000 while dying of a heart attack is 1:4. Cognitive bias is subtle but pervasive. The odds of dying at the hands of a terrorist in the US are 1:20,000,000. The CDC points out that it is more likely that you could be killed by a cow. The fear that someone sitting next to you could be a threat actor is irrational given the odds.

The Unintentional Insider Threat

In a special report for DHS, CERT analyzed thousands of case studies to provide a new understanding of insider threat. They define the human factors at work as: human error, fatigue/sleepiness, subjective mental workload, situational awareness and mind wandering.

For example, the National Institutes of Health have an extensive body of knowledge documenting the effects of fatigue on worker performance. Fatigue from inadequate rest, loss of sleep or non-standard work schedules has been demonstrated to slow reflexes, cause lapses of attention and compromise problem solving. Many organizations like the FAA and Nuclear Regulatory Commission have strict guidelines on how much rest operators must have in a 24-hour period. There are no such requirements in IT, and many administrators work with less rest than workers in any other industry.

How is it that we can entrust our mission-critical systems to our loyal insiders if we don’t ensure they have the proper rest? Furthermore, how can we turn around and blame them for their actions or inactions, when NIH specifically states they are more likely to make those mistakes?

Insiders are unfairly blamed for another type of threat. UIT-HACK is classified as an outside attack on an insider using social engineering, phishing, malware, spyware or any other means. The fact is that most insiders are highly trained IT professionals. If an external attacker compromises our security, and with a premeditated plan uses sophisticated technology or social engineering to steal an insider’s password, is that their fault? If someone breaks into your home, thwarting your alarm system to steal your valuables, should the police arrest you for negligence? The fact is that most phishing attacks are completed against end users, not insiders.

Privileged User Management

The end goal of every data breach is to gain elevated privileges. Attackers start by gaining low-level access to a device. Maybe on the perimeter, or maybe inside through a malware attack. They continue their upward journey until they have gained access to “root”, “admin” or “administrator.” Once a threat actor has “superuser” privileges, they have full control and can abscond with whatever data they wish.

Insiders did not create the superuser problem. It started with Dennis Ritchie and was perpetuated by Bill Gates and Linus Torvalds. Today, every open system we have relies on a superuser password. The problem is compounded by the open systems’ micro kernel architecture, which allows anyone with that “god” password unfettered access to the entire system.

There are three solutions to overcoming the superuser problem:

  • Every computer needs a Trusted Platform Module, as defined by the Secure Computing Group.
  • All superuser passwords need to be locked up in a secure vault and never used again. The vault must be truly secure. A FIPS 140-2 Level 1 container is not sufficient. It must be FIPS 140-2 Level 4. Once the superuser accounts are locked up, privileged access management must be put in place to ensure every user has only the entitlements necessary for their role. This goes from the CEO to the CISO, network admins and end users. No one gets more access than they need.
  • Experts agree a perimeter defense is no longer effective. The answer is segmentation. Whether you call it micro-segmentation or hyper-segmentation, it must be granular enough that there is a virtual segment for every user to every service. When a threat actor gains access, they will hit a dead-end.
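
One way to audit the second point above (an added example, not part of the original article): flag entitlements that exceed a role's baseline, and flag any session that still logs in directly as a superuser account that should be vaulted. The role names, entitlement strings, users, hosts and record layout are all constructed for illustration.

```python
# Added example with constructed data; every name below is hypothetical
# except the superuser account names, which are the ones the article quotes.
SUPERUSER_ACCOUNTS = {"root", "admin", "administrator"}

# Hypothetical baseline: the only entitlements each role needs.
ROLE_BASELINE = {
    "ciso": {"siem:read", "policy:approve"},
    "network_admin": {"switch:configure", "firewall:read"},
    "end_user": {"mail:use"},
}

# Constructed grants, as they might be exported from an identity system.
GRANTS = [
    {"user": "alice", "role": "ciso",
     "entitlements": {"siem:read", "policy:approve"}},
    {"user": "bob", "role": "network_admin",
     "entitlements": {"switch:configure", "firewall:read", "db:admin"}},
    {"user": "carol", "role": "end_user",
     "entitlements": {"mail:use", "firewall:read"}},
]

# Constructed session records: (account, source host).
SESSIONS = [("bob", "ws-14"), ("root", "ws-14"),
            ("Administrator", "srv-02"), ("carol", "ws-20")]


def excess_entitlements(grants, baseline):
    """Map each user to the entitlements held beyond the role baseline.

    A role missing from the baseline is treated as needing nothing, so
    every entitlement granted under it is reported.
    """
    findings = {}
    for grant in grants:
        extra = grant["entitlements"] - baseline.get(grant["role"], set())
        if extra:
            findings[grant["user"]] = sorted(extra)
    return findings


def direct_superuser_sessions(sessions):
    """Return sessions opened directly as a superuser account.

    Once those credentials are vaulted, any such session is a finding.
    Account names are compared case-insensitively.
    """
    return [(acct, host) for acct, host in sessions
            if acct.lower() in SUPERUSER_ACCOUNTS]


if __name__ == "__main__":
    print("Excess entitlements:", excess_entitlements(GRANTS, ROLE_BASELINE))
    print("Direct superuser sessions:", direct_superuser_sessions(SESSIONS))
```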

Is insider threat our greatest threat? No. Data shows malicious insiders and planned attacks make up 11%, on average, of all breaches. While insider threat is a problem we need to address, it’s nothing in comparison to the documented external threat that is crippling our nation.

Unintentional insider threats (UIT) should no longer be considered a threat vector. External threat actors attacking insiders (UIT-HACK) is an external threat. The other losses that happen, such as accidental disclosure (DISC), improper disposal (PHYS) and lost portable equipment (PORT), are not insider threats, but the result of mismanagement and a lack of proper procedures set up by management. It’s time to declassify UIT as a threat vector and start addressing the problem.

Tags: Cyber Threats to US, Government Cyber Security, Insider Threats, National Cyber Security Awareness Month, NSCAM, Privileged Users, Superuser, US CERT, US Cyber Command
