Thomas Edison State University Blog

What Happens When Insider Cybersecurity Threats Infiltrate the U.S. Government?

Written by Dr. Jane LeClair | Monday, June 18, 2018

Protecting a digital system is a lot like defending a castle in Medieval Europe.

The protection of a digital system from hackers is often thought of as a ‘perimeter’ defense, or, say, a moat. With such a defense, layers of security or ‘walls’ are built around the data, similar to the outer and inner walls protecting a castle’s keep. That data is then stored in a system to prevent outside intruders from gaining access, not unlike a castle’s towers, parapets, drawbridge or barbican.

Access to the data involves entry through secure ‘gates’ that are guarded with firewalls, passwords and intrusion detection systems or, in the instance of a castle, a well-fortified gatehouse and arrow loops for defending armies and loyal knights. Generally, such a system is effective in keeping out a high percentage of any kind of enemy.

Or is it?

Unfortunately, no matter how high an organization or a castle builds its walls or invests in its security, all is for naught if authorized personnel – or a disgruntled knight – inside the perimeter opens the gates or passes information to the outside.

Why ‘Insider Threats’ are a Real Concern

According to Tripwire.com, 74 percent of companies feel that they are vulnerable to insider threats, with seven percent reporting extreme vulnerability. Most data breaches today involve an insider in some way, whether through a nefarious or unaware employee. Organizations can spend millions on security measures, but it can all come undone by an insider.

While insider threats can cost millions in damages, a far greater threat exists when the insider is employed by the government and provides sensitive information to outsiders. A case in point involves the recent disclosure by the CIA that an agency employee who leaked sensitive information had been identified. The New York Times noted “it was the largest loss of classified documents in the agency’s history and a huge embarrassment for C.I.A. officials.”

The U.S. government has recognized the danger of insider threats to security and, in 2011, established the National Insider Threat Task Force (NITTF). Its mission is to “develop a government-wide insider threat program for deterring, detecting and mitigating insider threats, including the safeguarding of classified information from exploitation, compromise or other unauthorized disclosure, taking into account risk levels, as well as the distinct needs, missions and systems of individual agencies.” While this agency has worked diligently in preventing the loss of information, insider threats remain one of the most difficult challenges to security.

How to Prevent the Loss of Data Due to Insider Threats

There is no ‘perfect’ data security system when determined individuals and rogue nation states with time and resources can breach even the most secure systems. But with sufficient training and education, organizations can greatly impede the loss of data and hinder insider threats.

To mitigate data loss, here are my suggestions:

  1. screen new hires carefully;
  2. monitor employees for signs of distress, especially financial issues;
  3. monitor digital systems for signs of unusual transfer of data;
  4. immediately remove access to an organization’s data when an employee is terminated or quits; and
  5. train employees on how to identify insider threats and work toward creating a cybersecurity culture.