Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Data Protection

What Can Airport Security Teach us About Dealing with Insider Threats?

Bangkok Airport

What can airport security teach us about dealing with insider threats?

Bangkok Airport

What can airport security teach us about dealing with insider threats?

Quite a bit, actually. As a starting point, let’s compare two approaches to airport security – the US approach and the Israeli approach.

The US approach assumes each person seeking to board an airplane has an equal likelihood of being a security risk.

The Israeli approach is very different. It combines profiling with more targeted examination of travelers behavior, body language, and other indicators to determine which travelers require a closer look.

There are reasons why the Israeli approach is right for Israel, and why it might not translate to the US. Profiling is right up there at the top. But there is no denying that the Israeli approach works. (For the record, as maddening as the sock hop through the security line to the machine that removes any doubt about what’s under your clothes is, the TSA agents are working hard to keep us safe and doing the dictionary definition of a thankless job. After all, it’s not their fault we have to take off our shoes).

How does this relate to insider threats? Do we want to assume that everyone working with us has an equal likelihood of being a security risk, just because they have rights and permissions to sensitive data and systems? Of course not. We are talking about our employees, our co-workers, and often our friends. Treating everyone like a potential problem not only makes for really tense holiday parties and happy hours, it simply isn’t necessary.

We could, however, put systems and policies in place to examine behaviors, and look for indicators that some employees may require a closer look. And we could look at history to tell us whether certain conditions might dictate paying closer attention to some specific groups of employees.

A recent survey by Symantec showed that 50% of employees who left, or lost, their jobs in the 12 months prior to the survey took confidential information with them.

Advertisement. Scroll to continue reading.

If you knew that in every group of 10 friends your son or daughter brought over to the house, five were going to take something with them when they left, you’d either tell your beloved offspring “no more making friends” or you’d keep a much closer eye on things. Well, at the office, we aren’t about to say “no more employees.” So it seems reasonable to me to do a couple of common sense things when dealing with departing employees:

• Remind them about any agreements they signed promising to protect company information and to not disclose.

• Ask them to think about any corporate data or other Itellectual Property (IP) they might have on personal devices or in BYOC products like Dropbox, and to return / destroy it.

• Keep an eye on what they are accessing, downloading, and interacting with – 40% of those surveyed said they would use the information they took with them at their next job.

It’s company IP. Protect it. A best practice is to employ user activity monitoring on departing employees. The amount of corporate property leaving with them is simply too great, and too important, not to.

Written By

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.

Identity & Access

Zero trust is not a replacement for identity and access management (IAM), but is the extension of IAM principles from people to everyone and...

Artificial Intelligence

The CRYSTALS-Kyber public-key encryption and key encapsulation mechanism recommended by NIST for post-quantum cryptography has been broken using AI combined with side channel attacks.

CISO Strategy

Okta is blaming the recent hack of its support system on an employee who logged into a personal Google account on a company-managed laptop.

Compliance

The three primary drivers for cyber regulations are voter privacy, the economy, and national security – with the complication that the first is often...

Compliance

Government agencies in the United States have made progress in the implementation of the DMARC standard in response to a Department of Homeland Security...

Email Security

Many Fortune 500, FTSE 100 and ASX 100 companies have failed to properly implement the DMARC standard, exposing their customers and partners to phishing...