Security Minded - from Kai the Security Guy

Some thoughts on security (and other stuff) from a Microsoft security professional

Dripping Data: Understanding and Reducing Insider Threat (Part IV)


After traveling the past 4 weeks non-stop, with barely enough time to figure out what time zone I'm actually in....I'm back with another installment of Insider Threat. Today we'll discuss the motivators for why this is happening. Let's get started!

image "Why Mr. Bond......thank you for your service."

I had the opportunity to attend a session recently, delivered by H. Keith Melton, noted author and instructor at the CICentre.com. He mentioned during his presentation that there are currently more intelligence operatives out of work now than ever before in the history of the world. How is that possible? Well, the Cold War is pretty much over, and you have a lot of people trained in these various skills, whose service is no longer required. To the best of my knowledge, mortgage payments and water bills don't stop simply because Mr. Bond is "pursuing opportunities outside the agency." Like you and me, these guys have mouths to feed, so they often turn to a role that is not only easier, but also much more lucrative: Industrial Espionage. It's really just a matter of asking yourself the question, "Does the risk equal the reward?" and sadly enough, it does.

"What's my motivation, Mr. DeMille?"

In order to be successful in their attempts, insiders need 4 items:

  • Opportunity - That means....do they have access to assets? Of course, the answer is almost always "Yes." Access provided by you makes their life easier.
  • Motivation - When we discuss motivation, we'll use an acronym that's been used to identify motivators for people to conduct espionage since the early days. Just remember MICE.
    • Money - Does this really come as a shock to anyone? It's not just that they'd like to make more money....every employee wants that, and not every employee is stealing your data. It's the reason why they need more. Does this user have a gambling debt hanging over his head? A $1000/day drug addiction? Remember that huge spy case a few years ago? The FBI agent who was providing classified data to the Russians? Robert Hanssen had an "exotic dancer" girlfriend he was putting up in a small apartment. Rent in downtown D.C. is pricey....and so he needed additional funds. Again, it's usually not about the money they "wish they had", it's about "money they absolutely need" or something bad will happen.
    • Ideology - "I hate you. I hate your company. I hate what your company manufactures. I hate where you do business and with whom you do it." Sadly enough, not everyone is ecstatic about what it is your company does. Somewhere, someone is opposed to it. When these types of people can get access to your data, you can bet they'll be trying to harm you.
    • Coercion - Often there is a threat to them or their family. Often a perceived threat will work just as well. Everyone remember the movie The Godfather? "I'm not going to ask you for anything today, but there may come a day when I'll need your assistance." That's a pretty good example of a perceived threat! Sometimes people can be blackmailed into doing something. "If you don't do this, I'll tell someone that you did that." Be careful, because this one is tough to stop. Going to lunch with some customer who just wants you to look over some documents? What happens if someone across the diner takes a snapshot of you handing him back a stack of papers? If some docs come up missing later, and they think this customer has them...and this lunchtime photo ends up on the CEO's desk.....think you won't be asked some questions? Ahhh coercion...cheap and effective. Perception is reality.
    • Ego - I like being in IT. Good job, and the end users think you're about the smartest guy on the planet. (Unfortunately, other IT guys know the truth.) It's flattering to be thought of as the "Guy Who Can Fix Any Problem". Often the biggest egos are also the most fragile. How do you take it when an end user proves you wrong about an IT issue? (I know, I know.....it'll never happen...but play along.). You get chapped. You get embarrassed. Well, think about how you'd feel if you got passed over for promotion to the Director of Network Security by someone in the Sales Team, because they "owed him". You'd be downright insulted....and you might start thinking about revenge. Isn't ego grand?
  • Ability - This is only needed in the smallest amounts, which makes it so frightening. How much skill is required to open up Windows Explorer and browse a list of shares you have access to?
  • Trigger - Finally, they need something that is the "final straw"....something that just sets them off and causes them to act. Not everyone who has money issues, doesn't like their work situation, etc. should be considered a threat to your security...but in every example of insider threat......there was always something that set them off. Something has to push them over the edge....and that is the type of thing we need to be watching for.

NEXT TIME: Insider Threat continues with: "The Target: What Are They After??"
