Proceedings magazine is a communication tool for the Coast Guard's Marine Safety & Security Council. Each quarterly magazine focuses on a specific theme of interest to the marine industry.
Issue link: https://uscgproceedings.epubxp.com/i/436751
69 Winter 2014 – 2015 Proceedings www.uscg.mil/proceedings The Scoop on Insider Threats External cyber crimes and attacks are committed at an increasingly alarming rate, but can usually be mitigated by controlling access to data and detecting unauthorized access. However, threats that include sabotage, theft, espionage, and fraud continue to originate from within organizations, carried out through abusing access or mishandling physical devices to steal information. The cost of damage caused by insiders is unknown, as most crimes go unreported or undetected. Most "inside jobs" happen because employers did not appropriately assess the risks and plan accord- ingly. The good news is that when appropriate insider threat- detection and prevention countermeasures are in place, the threat can be reduced dramatically. The insider threat has matured, due to technology's progres- sion and now applies to information data systems. Although government and private industries identifed the insider threat to information data systems years ago, mitigation strategies, until recently, have relied on nontechnical mea- sures such as employee awareness and education, back- ground investigations, and trust management. In most cases, when insiders set out to harm an employer, they come armed with the trust and authority necessary to perform the malicious activity. While it is typical that normal access credentials are suffcient, some insiders go further and use conventional hacking methods, including password hacking, vulnerability exploitation, changing sys- tem confgurations, and using login credentials stolen from coworkers. Copying or uploading proprietary data, either on the way out of the door to another job or sending to an outside party for direct fnancial compensation, is the most common crime. Insiders can proft and exact revenge in one fell swoop by selling valuable data and source code to an employer's com- petitors. Or, in the age of zero-capital start ups, they can use customer lists to go into business for themselves. On the IT side, threats can sometimes take a bizarre turn, such as an individual refusing to give up passwords or other essential information. Some technically savvy insiders even go as far as installing a "time bomb" program to activate if the employee is laid off or fred. Predicting which insiders may pose a threat can be an ardu- ous task. While many malicious insiders are disgruntled and give prior warning of the damage they can accomplish, just as many are well-liked and trusted workers who give no indication of impending betrayal. No single personality model indicates who is more likely to pursue insider crime. Recognizing the Signs of an Insider Threat So it's important to look for tell-tale actions or tendencies that may indicate a potential insider threat. Indicators include: • Greed or fnancial need: A belief that money can fx anything. Excessive debt or overwhelming expenses. • Anger/revenge: Disgruntlement to the point of wanting to retaliate against the organization. Insider Threat Combating Insider Threat The greatest threats are the ones with access. by MR. GReG sMiTh Intelligence Specialist Chief Intel Division Senior Watch Offcer U.S. Coast Guard Cyber Command "I am concerned for the security of our great nation; not so much because of any threat from without, but because of the insidious forces working from within." — General Douglas MacArthur Gen. Douglas MacArthur, Jan. 9, 1943. Photo courtesy of the U.S. Army.