When you think about threats to government cybersecurity, you might think about hackers clicking away at code in dark spaces, well outside of agency walls. While these external threats certainly exist, it’s also critical for agencies to confront insider threats.
Insider threats can pose an even greater risk to organizations, given the potentially high levels of legitimate access that they have to government information and systems. These threats come in all shapes and sizes – making them difficult to detect.
There are three main types of insider threats:
First, there is the Turncloak. This is an insider who maliciously steals data or harms systems. In most cases, it’s an employee or contractor – someone who is supposed to be on the network and has legitimate credentials, but is abusing their access.
Then there is the Pawn – a normal employee who makes a mistake such as losing a laptop or accidentally emailing a sensitive document to the wrong person. That mistake is then exploited by a malicious hacker.
Finally, there is the Imposter. Whereas the Turncloak is a legitimate insider gone rogue, the Imposter is really an outsider who has acquired an insider’s credentials. They are on your network posing as a legitimate employee.
Not only do these insider threat types have different motivations for causing organizational harm, they also use a wide variety of tactics to get the job done. Pawns might simply misplace a device or fall victim to a sophisticated phishing email attempt. Imposters can use any number of tactics – from bots that generate credentials to simple stolen passwords – to gain access.
And then there are Turncloaks, also known as malicious insiders, who can use routine, legitimate processes and credentials to access information. These Insiders have a significant advantage over external attackers. They are not only aware of their organization’s policies, procedures, and technology; they also know its vulnerabilities.
Agencies know the risks associated with malicious or unintentional insiders, but given the wide variety of attacks and motivations, it can be tough for organizations to detect and prevent them. In fact, in a survey from the SANS Institute, 49 percent of IT leaders said they felt very or extremely vulnerable to insider threats.
Specifically, government efforts often suffer from at least one of two pitfalls. First, agencies have historically focused on external-facing security mechanisms, such as firewalls and intrusion detection systems. However, when we are looking for internal threats, these detection mechanisms are ineffective. They do not detect internal system or information misuse.
Now, more agencies are beginning to adopt internal monitoring and detection solutions – such as log analysis or access logging. But because insider threats may utilize a variety of approaches to effectively breach an organization, having these isolated solutions still leaves agencies vulnerable.
So what’s the way forward? Take our 10-minute course on combating insider threats to learn more.