The Accidental Insider Threat: Is Your Organization Ready?
Meet the Panel
- Raynor Dahlquist, Panel Moderator
Vice President, Booz Allen Hamilton. Ms. Dahlquist is the Director of the Booz Allen Cyber Solutions Network™ capability, which uniquely addresses cyber threats for clients through an integrated constellation of cyber centers and labs.
- Tom Kellermann
Vice President, Cyber Security, Trend Micro. In this role, Mr. Kellermann is a trusted advisor for cybersecurity. He is responsible for analysis of emerging cybersecurity threats and relevant defensive technologies, strategic partnerships, and government affairs.
- Angela McKay
Principal Security Strategist, Microsoft. Ms. McKay focuses on driving strategic change to advance cybersecurity and resiliency. She leverages her 10+ years of experience to address complex global challenges related to critical infrastructure protection and information assurance.
- Michael C. Theis, CISSP, SSA (retired)
Chief Counterintelligence Expert, CERT Insider Threat Center. Mr. Theis uses his experience in the US Intelligence Community and in computer systems engineering to help the CERT Insider Threat Center further its research and development of socio-technical controls in Computational Endoparacology (insider threats).
About Our Panel
October 2, 2012 at 12:00 PM ET
Expert Reactions: Timothy Tinker, Senior Associate
Angela McKay’s four-part approach of prevention, detection, containment, and response provides a useful corollary for examining the interactive effects of an organization’s operational response with their communications response. It also provides a flexible framework for improving current approaches to urgent and emergent communication during all phases of cyber incidents. When optimally combined, the operations-communications dyad can increase situational awareness and create a common operating picture that reflects the demands of a cyber incident as the event unfolds, media coverage intensifies, and public trust and reaction fluctuate depending on the effectiveness of the organization’s response. As an integral component to the broader operations response, the role of communications is to ensure that:
- Cyber personnel have the requisite communications skills, competencies, and training to effectively respond to the full spectrum of cyber incidents, from least to most catastrophic;
- Policies and actions are in place to guide the organization’s spokesperson and messages;
- A comprehensive and phase-based approach, consisting of communications readiness, response, recovery, and resilience, is established. When consistently anticipated, prepared, and practiced, this approach provides a more dynamic and integrated method for how operational and communication response decisions are made as a cyber event unfolds.
Expert Reactions: Thomas Chandler, Principal
Michael addresses a couple of issues that are critical to our ability to detect and mitigate threats from insiders. The first is the importance of education and awareness, particularly related to accidental insiders. All the awareness training in the world is not going to stop a malicious insider, but it will contribute to decreasing the number of accidental events simply because people will be more aware of incidents that can cause problems on networks. The second is the importance of modeling behavior in order to identify when someone does something outside the expected norms. No doubt, modeling expected behaviors will help reduce the number of false positives in our quest to identify insider threats. However, I would expect modeling behavior to be more significant in detecting malicious insiders because “accidental” events are normally a violation of a security policy.
Expert Reactions: Anuj Soni, Lead Associate
Tom hits on one of the key issues when considering the accidental insider: the most important exploit in compromises, such as the one he mentions, is not the technical attack against a user’s browser or other client software, but the exploitation of a user’s trust. Those who would do us harm will continue to discover zero-day exploits that take advantage of previously unknown vulnerabilities, and this motivates technology companies to create more secure software and better systems to detect and respond to threats. At the same time, organizations must be motivated to develop more creative and effective approaches to educate their users about the risks they take each time they interact with e-mails and other network resources. Individuals often think twice about walking down a dark alleyway alone, but for many people, clicking on a link in a potential phishing e-mail still doesn’t justify a moment’s pause. Efforts to address a problem where people play a critical role cannot be solved without a solution that helps those people.