Wikileaks insider threat: A lesson for government cybersecurity managers


“There is no patch for people.” That one-liner, made at a recent symposium in Washington on the Wikileaks insider threat, is no joke. It succinctly captures the hurdles facing federal managers when it comes to information security risks posed by their own users. And those hurdles are getting higher, as the Wikileaks case illustrates. Nor is Wikileaks just an isolated case: public data breaches by insiders in both the private and public sectors are on the rise.

While system breaches caused by the unwitting insider -- the employee who opens up an email message and falls for a phishing scam, for example -- are still a concern, it’s the malicious insider who represents the greatest risk. And, that risk means government cybersecurity managers will have to shift their efforts more towards actively combating that threat.
Particularly worrisome these days is the trusted insider “gone wrong”—the system administrator or IT executive whose actions turn malicious, for instance.
“You have a lot of folks that…pretty much have the keys to the castle,” said a security expert at the Homeland Security Department who asked to remain anonymous. “The enterprise admins have the ability to scour the entire network. That’s a hurdle that everyone has, especially with the move to managed services. You don’t know who the people who are managing your systems are anymore.”
Ken Ammon, chief strategy officer at Xceedium Inc., agreed that the ever-growing size, sophistication and complexity of systems have amplified the insider threat. “If you flash back 15 years ago, people who were considered privileged users -- those who had the ability to get to any platform or to any information within the infrastructure -- were a smaller group,” he said. “They tended to be the higher-assured employee or to be more fixtures than transients. Now you flash forward 15 years and the number of people and resources it takes to keep the systems running and number of people you give elevated rights or privileges to have dramatically increased.”
The advent of cloud computing also has expanded the insider threat, and even blurred the distinction between insiders and outsiders, Ammon added. “It has spread to vendors and contractors you have no control over,” he said. “You have a security boundary that has evolved and eroded from this inside-outside issue.”
Threat mitigation
The increasing visibility of the insider threat is shifting the focus from security policies and user training -- which likely have negligible impact on the determined malicious insider -- to technologies and tools designed to mitigate the threat. Testifying recently at a Senate Homeland Security and Governmental Affairs Committee on “Information Sharing in the Era of Wikileaks,” Corin Stone, the information sharing executive for the Office of the Director of National Intelligence, said the government must develop a comprehensive insider threat capability, of which technology is a vital part.

The Intelligence Community’s strategy involves three interlocking elements, Stone said:
  • Ensuring the right people have access to the networks and information they need to perform their duties, but not to information they don’t need.
  • Technically limiting the ability to misappropriate, manipulate or transfer data, especially in large quantities, such as by disabling or prohibiting the use of removable media on classified networks.
  • Auditing and monitoring user activity on classified computer systems to identify anomalous activity and follow up accordingly.
“In general, the idea that you can depend on written policy or that you have policy as a control for security is something that has to be retired,” Ammon said. “You have to modify that and put some technology in place. The days of … trusting someone to follow policy are gone, so you have to build in technical controls.”

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

LINK TO OUR HOME PAGE :
Voice Of GREYHAT is a non-profit Organization propagating news specifically related with Cyber security threats, Hacking threads and issues from all over the spectrum. The news provided by us on this site is gathered from various Re-Sources. if any person have some FAQ's in their mind they can Contact Us. Also you can read our Privacy Policy for more info. Thank You ! -Team VOGH
If you enjoyed VOGH News, Articles Then Do Make sure you to Subscribe Our RSS feed. Stay Tuned with VOGH and get Updated about Cyber Security News, Hacking Threads and Lots More. All our Articles and Updates will directly be sent to Your Inbox. Thank You! -Team VOGH

Categories:
Related Posts Plugin for WordPress, Blogger...