We recently provided guidance on reducing the all-hazards threat to small business. Readers may remember that we touched on physical threats to your infrastructure and equipment stemming from broken or damaged structures, debris in hallways or access routes, faulty electrical lines, etc. We made brief mention of the “insider threat” but did not dwell on it, since it is so expansive and pervasive that companies must implement strict protocols in order to even begin to address it. The protocols must be followed and updated frequently to keep abreast of the dynamic nature of the insider threat.
The insider threat can be described as those hazards and risks (physical, cyber, monetary and reputational) that stem from employees, including former employees, as well as contractors who have access to your products, patents, technology, strategic plans (including marketing plans) and employee information.
Probably the most famous insider threat case is that of Edward Snowden, the former NSA contractor with broad access to some of the nation’s most sensitive secrets. Snowden, who has been indicted by the US Department of Justice on espionage and other charges, has sought asylum in Russia and has been living there for the past three years. His alleged insider activity includes theft of government secrets by downloading hundreds of thousands of classified NSA and CIA documents and subsequently disseminating them to the public through a journalist, Glenn Greenwald, formerly of The Guardian. In committing the alleged activity, Snowden hurt national security by compromising sources, techniques and intelligence collection priorities and goals which are the exclusive property of the US government.
But what are some other types of insider threat activity? Consider the following possibilities:
- A software designer with a “non-compete” rider in his contract takes off with nothing more than his skills and knowledge of your latest app design and provides it to a competitor in exchange for a new job. Threat? Crime? It may be both;
- A truck driver working for a shipper that transports your merchandise suddenly absconds with the day’s deliveries, composed mainly of televisions, computer hardware and other electronics. He’s not your employee, but he has access to your warehouse and merchandise. How do you foresee something like this and what measures can you take to prevent it from recurring?
- Your new system for converting steam into clean energy for powering automobiles has been patented and is proprietary. Why is a similar version showing up in a competitor’s new models? Has your intellectual property been stolen or compromised somehow? How was the compromise carried out? Was it deliberate or inadvertent? Who gave up the protected information?
- A law enforcement officer has developed a drug habit and he is eventually arrested for stealing evidence, including money and drugs. Many of your department’s cases are now compromised and defense attorneys are asking the courts to overturn convictions of their clients where it can be shown that evidence was collected or accessed by the suspect officer. Is this an insider threat? The reputational damage to the department is potentially huge.
The above scenarios are hypothetical, but similar situations involving insiders have occurred in the past. The insider threat is one of the most dangerous threats, yet it remains shadowy and hard to detect. What are some indicators that might suggest a person is or risks becoming a threat to your operations? What preventive measures can you take to protect your business? How much intrusion into or monitoring of an employee’s behavior on the job is legal?
We’ll address some of these questions in upcoming issues. In the meantime, follow us on Twitter for more advice on the insider threat and for all things security related.