Security Experts:

Most Attacks Are External, But Never Underestimate The Insider Threat

Even though most cyber-incidents tend to be external attacks, organizations should not underestimate the likelihood of a malicious insider stealing sensitive information or sabotaging internal systems.

Earlier this month, US Army MP William Millay was sentenced to 16 years in prison for attempting to sell classified military information to the Russians, according to a story posted on the Federal Bureau of Investigation website this week. Millay wasn't motivated by any political or moral outrage; he was willing to sell secret defense documents just for the money, the FBI said.

Insider Threats"This case really drives home the point that the insider threat is alive and well," Special Agent Sam Johnson, the supervisor in charge of the national security squad in Anchorage, Alaska, said in the FBI post.

In 2011, Millay began talking to and soliciting help from other military personnel regarding selling classified defense information to the Russians. Many of the people he talked to didn't take him seriously, but some realized he was serious, special agent Derrick Criswell sad in the story. "No one came forward to report his activity," Criswell said.

Millay was arrested and taken in custody after dropping off secret documents about military technology at a pre-arranged drop site and retrieving his $3,000 payment. The Russian officer Millay thought he was selling to was really an FBI undercover operative, according to the FBI. The fact that his activities were never reported illustrates the importance of raising awareness about the insider threat, Johnson said.

"Anyone who looks closely at the record of damages caused by breaches will discover that insiders are not only a leading concern but also a leading problem," Nick Cavalancia, vice-president of marketing at SpectorSoft, told SecurityWeek.

Even Verizon called out insider breaches as a significant issue in its 2013 Data Breach Investigations Report last week. While up to 92 percent of threats came from outsiders, insider threats accounted for 14 percent of total incidents, according to the latest DBIR. Organizations need to "place special focus on the insider," Cavalania said.

Since 2005, 441 data breaches that involved a malicious insider led to the compromise of more than 32 million records, according to statistics collected by the Privacy Rights Clearing House.

"Insiders cause major damage," Cavalancia said.

Another recent survey from AlgoSec also highlighted insider threats as a major security concern among information security and network operations professionals. About 65 percent of the respondents rated insiders as the greatest security risk facing their organizations, according to AlgoSec's State of Network Security 2013 survey.

"Insider threats are a top concern of cybersecurity teams" and organizations need to understand that risks are just as likely to be inside as outside the organization. Security and risk professionals, as well as leading law enforcement agencies, need to recognize the seriousness of these threats, Cavalania said.

view counter
Fahmida Y. Rashid is a Senior Contributing Writer for SecurityWeek. She has experience writing and reviewing security, core Internet infrastructure, open source, networking, and storage. Before setting out her journalism shingle, she spent nine years as a help-desk technician, software and Web application developer, network administrator, and technology consultant.