Proceedings magazine is a communication tool for the Coast Guard's Marine Safety & Security Council. Each quarterly magazine focuses on a specific theme of interest to the marine industry.
Issue link: https://uscgproceedings.epubxp.com/i/436751
70 Proceedings Winter 2014 – 2015 www.uscg.mil/proceedings occur and that they have severe consequences. In addition, it is important to understand that malicious insiders do not ft a particular profle. The technical abilities range from minimal to advanced, and the ages range from late teens to retirement age. There is no easy way to use demographic information to identify a potential insider threat. However, there are ways to identify higher-risk employees and imple- ment mitigation strategies to reduce damage, should they choose to attack. Insider Threat Best Practices Best practices for preventing and mitigating insider threats are largely policy-centric. In many cases, these practices are the only realistic way to deal with insider threat problems. "For most organizations, insider threats have moved beyond risk into reality; how- ever, many threat vectors can be protected against with a measured approach to busi- ness security." — Amichai Shulman, CTO, Imperva This is due to the lack of fully effective responses, but in some cases, the problem is not one that technology alone can solve. There are numerous elements to the insider threat problem. The following list is a good starting point for orga- nizations looking to control potential insider threat weak- nesses: • Clearly document and consistently enforce policies and controls. • Incorporate insider threat awareness into periodic secu- rity training for all employees. • Beginning with the hiring process, monitor and respond to suspicious or disruptive behavior. • Anticipate and manage negative issues in the work envi- ronment. • Know your assets. • Implement strict password and account management policies and practices. • Enforce separation of duties and least privilege. • Institute stringent access controls and monitoring poli- cies on privileged users. • Institutionalize system change controls. • Use a log correlation engine or security information and event management system to log, monitor, and audit employee actions. • Monitor and control remote access from all end points, including mobile devices. • Develop a comprehensive employee termination proce- dure. • Implement secure backup and recovery processes. • Develop a formalized insider threat program. • Problems at work: A lack of recognition, disagreements with co-workers or managers, dissatisfaction with the job, a pending layoff. • Ideology/identifcation: A desire to help the "under- dog" or a particular cause. • Divided loyalty: Allegiance to another person or com- pany, or to a country besides the United States. • Adventure/thrill: Want to add excitement to their life, intrigued by the clandestine activity, "James Bond Wan- nabe." • Vulnerability to blackmail: Extra-marital affairs, gam- bling, or fraud. • Ego/self-image: An "above the rules" attitude or desire to repair wounds to self-esteem. • Vulnerability to fattery or the promise of a better job: Often coupled with anger/revenge or adventure/thrill. • Ingratiation: A desire to please or win the approval of someone who could beneft from insider information with the expectation of returned favors. • Compulsive and destructive behavior: Drug or alcohol abuse or other addictive behaviors. • Family problems: Marital conficts or separation from loved ones. Insider Threat Prevalence Estimates of how often companies face attacks from within are diffcult to make. In general, insider attacks are under- reported to law enforcement, prosecutors, and the media in general. Reasons for such under-reporting include an insuf- fcient level of damage to warrant prosecution, a lack of evi- dence to prosecute, and concerns about negative publicity. "If ignorant both of your enemy and yourself, you are certain to be in peril." — Sun Tzu While preventing all insider crime is impossible, employees and management need to understand that insider crimes do Defning Insider Threat An insider threat is a current or former employee, contractor, or business partner who: • has or had authorized access to an organization's network, system, or data; • can bypass existing physical and electronic security measures through legitimate measures. — Software Engineering Institute, Carnegie Mellon, 2012.