Organizational Security: Insider Threat is Not Just a Cybersecurity Problem
Author: William Van Vleet, III, CEO Haystax Technology
Copyright: 9-1-1 Magazine, Feature Content
The weeks-long manhunt last June for convicted murderers David Sweat and Richard Matt – which involved more than 1,500 law-enforcement officials and is said to have cost taxpayers about $1 million a day – is now turning into an investigation of employees at the high-security prison. Initially the focus was on two insiders, but now it has become much broader, with the FBI questioning many guards and employees. Could the Clinton Correctional facility have known in advance that two or more of its employees posed “insider threats” – just as certain IT employees can pose threats in cybersecurity breaches? William Van Vleet discusses how public safety and other organizations, even prison officials, can use predictive analytics to provide them with real-time actionable intelligence to address insider threats.
The term “insider threat” conjures up images of cyber incidents and information leaks such as those perpetrated by Edward Snowden and Bradley (Chelsea) Manning. Not surprisingly, most technology directed at solving the insider threat problem is focused on the cyber realm. Yet insiders – employees or members of an organization – can also operate in the physical realm, and they can pose threats to all kinds of organizations in all kinds of ways. At Haystax we believe that taking all kinds of insider threats seriously is one of the most important public safety activities we can undertake, and we’ve devoted an entire piece of our business to it.
The fact that “insider threat” is used almost exclusively in the cyber realm is borne out by the term’s definition in Wikipedia: “a malicious threat to an organization that comes from people within the organization, such as employees, former employees, contractors or business associates, who have inside information concerning the organization's security practices, data and computer systems.” Insider threats are indeed a problem for cybersecurity, and insiders are listed along with hacktivists, state-sponsored attackers and hackers for hire as potential sources of cyber-attacks.
Yet there are many other kinds of threats that insiders can pose. Consider, for example, the two inmates who recently escaped from a prison in upstate New York. They were allegedly aided by insiders – employees of the prison. And then there was the co-pilot who allegedly crashed the Germanwings plane earlier this year. He was an insider – an airline employee – who exhibited behaviors before the crash that might have been detected had the right tools been available. Teachers who molest or abuse students are insiders, active shooters have sometimes been insiders, and the perpetrator of the deadly anthrax mailings in 2001 might also have been an insider.
An insider threat can be posed by anyone whose knowledge, position, beliefs, prior actions/behavior, or physical, psychological or emotional state could cause them to do something threatening – or to be exploited by someone else planning something threatening. That’s an extremely broad definition that could probably be extended even further; but unfortunately, insider threats are real – and not just for cybersecurity.
Combatting insider threats, however, has largely fallen under the cybersecurity banner, and most solutions offered for insider threat are in that realm. Data loss protection technology, for example, keeps data from leaving a system, and advanced, customizable firewalls can perform a similar function for networks. Other solutions offered include providing training in cyber hygiene for employees or members of an organization. This option is based on the premise that employees who are well trained will have fewer unintentional cyber accidents, such as using a flash drive on both a work and home computer or falling victim to a phishing scam. These are all useful tactics, but they leave out one thing: the behavior of the insider himself or herself, their state of mind or emotional state, and what might motivate them.
This, in our view, is a major omission, and this is where we’ve focused. Our technology, called Carbon, picks up where others leave off. It’s an insider threat detection platform that uses patented algorithms and sophisticated identity analytics to create risk ratings on insiders who could pose potential threats to the organization or themselves. Developed after consultation with a wide range of experts, including psychiatrists, Carbon collects and analyzes data from public and privately available sources, such as employment records. The analysis Carbon produces can help organizations identify potential insider threats before they occur, so organizations can decide what kind of proactive steps to take.
Our advice to organizations is to make sure you really know your employees, your population, and your environment. I realize that’s an extremely tall order, but that’s one of the reasons I founded Haystax: because I believe everyone has a right to have safety and security. Using big data and analytics plus sophisticated algorithms, it’s possible to provide more insight into what sets of people in an organization might pose a danger to themselves or others. That knowledge can be powerful, and used judiciously, it might just prevent an insider threat – whether cyber or physical – from becoming a calamitous event.
William Van Vleet, Chief Executive Officer at Haystax Technology, has more than 30 years of experience in defense and commercial technology markets. Mr. Van Vleet founded Haystax Technology in 2012 and has seen it grow into a leading provider of advanced analytics and cybersecurity solutions. Haystax Technology is headquartered in McLean, VA. For more information, see www.haystax.com