Insider Threat Prevention, Detection, and Mitigation
This chapter looks at the history of insider threat from its roots in espionage to today's insiders: individuals who have access to people, information, material, and facilities and who could compromise the critical assets of an organization in the government or private sector. It examines behaviors associated with an insider threat, from the decades of the past when activity was driven by pen and paper to the current world in which activity is deeply rooted in technology and business is conducted virtually and globally. In addition to understanding the threat and the dimensions of a malicious, complacent, or ignorant insider, the focus is directed toward mitigating that threat through the development of a holistic and risk-based insider threat program. A framework focused on prevention, detection, and response is presented. Key issues addressed include policy and its relationship to setting behavioral expectations, communication and training, vetting employees and third parties, and defining potential risk indicators that reflect critical behaviors indicating a potential risk. The chapter defines and outlines how behavior can be captured in data and correlated using technology (user behavioral analytics) to proactively identify changes in behavioral patterns over time. Such technology identifies escalation and triages alerts on anomalous activity in the service of interrupting the forward motion of a potential threat. Finally, the chapter highlights several statistics that characterize how insider threats have changed today, and leading practices to help develop a strategy to mitigate the insider threat through a holistic and risk-based approach to this threat management issue.
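The user behavioral analytics idea described above (capturing behavior as data, learning each user's normal pattern, scoring departures from it over time, flagging escalation, and triaging the resulting alerts) can be illustrated with a small, self-contained sketch. The code below is an added example written for this page; it is not code from the chapter or its authors. The telemetry rows, feature names, thresholds, and scoring rule are all constructed assumptions chosen to make the mechanism visible, not values taken from the chapter.

```python
"""Minimal user behavioral analytics (UBA) sketch: per-user baselines,
anomaly scoring of later activity, escalation detection, and alert triage."""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample telemetry (illustrative, not real data).  One row per
# user per day: (user, day, files_downloaded, after_hours_logins,
# removable_media_writes).  Alice is a steady user; Bob's activity climbs
# sharply on days 6 and 7.
SAMPLE_EVENTS = [
    ("alice", 1, 12, 0, 0), ("alice", 2, 10, 0, 0), ("alice", 3, 14, 1, 0),
    ("alice", 4, 11, 0, 0), ("alice", 5, 13, 0, 0), ("alice", 6, 12, 0, 0),
    ("alice", 7, 15, 1, 0),
    ("bob", 1, 8, 0, 0), ("bob", 2, 9, 0, 0), ("bob", 3, 7, 0, 0),
    ("bob", 4, 10, 0, 0), ("bob", 5, 8, 0, 0), ("bob", 6, 40, 2, 1),
    ("bob", 7, 95, 4, 3),
]
FEATURES = ("files_downloaded", "after_hours_logins", "removable_media_writes")
BASELINE_DAYS = 5       # assumed learning window for each user's normal pattern
ALERT_THRESHOLD = 6.0   # assumed summed positive z-score that opens an alert
STD_FLOOR = 1.0         # avoids division by zero on perfectly flat baselines


def build_baselines(events, baseline_days=BASELINE_DAYS):
    """Return {user: {feature: (mean, stdev)}} learned over the baseline window."""
    samples = defaultdict(lambda: defaultdict(list))
    for user, day, *values in events:
        if day <= baseline_days:
            for feature, value in zip(FEATURES, values):
                samples[user][feature].append(value)
    return {
        user: {f: (mean(vals), pstdev(vals)) for f, vals in feats.items()}
        for user, feats in samples.items()
    }


def anomaly_score(values, baseline):
    """Sum of positive z-scores: only activity above baseline counts as risk."""
    score = 0.0
    for feature, value in zip(FEATURES, values):
        mu, sigma = baseline[feature]
        z = (value - mu) / max(sigma, STD_FLOOR)
        score += max(z, 0.0)
    return score


def detect(events, baseline_days=BASELINE_DAYS, threshold=ALERT_THRESHOLD):
    """Score every post-baseline day in chronological order and open alerts.
    An alert is marked escalating when the user's score rose since the
    previous scored day, which is the pattern an analyst wants surfaced early."""
    baselines = build_baselines(events, baseline_days)
    previous = {}  # user -> score on that user's last scored day
    alerts = []
    for user, day, *values in sorted(events, key=lambda e: (e[1], e[0])):
        if day <= baseline_days or user not in baselines:
            continue
        score = anomaly_score(values, baselines[user])
        escalating = user in previous and score > previous[user]
        previous[user] = score
        if score >= threshold:
            alerts.append({
                "user": user, "day": day, "score": round(score, 2),
                "escalating": escalating,
                "priority": "high" if escalating else "medium",
            })
    return alerts


def triage(alerts):
    """Order the analyst queue: high priority first, then by score descending."""
    rank = {"high": 0, "medium": 1}
    return sorted(alerts, key=lambda a: (rank[a["priority"]], -a["score"]))


if __name__ == "__main__":
    for alert in triage(detect(SAMPLE_EVENTS)):
        print(alert)
```

Running the block prints two alerts, both for Bob: day 7 first (high priority, escalating) and day 6 second (medium), while Alice's small day-7 uptick stays under the threshold. The baseline window and threshold are deliberately simple; a production program would learn baselines per role or peer group and correlate these data-driven indicators with the policy, vetting, and training elements the chapter describes rather than treating a score alone as evidence.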