Insider Threat: Lone Wolf vs. Wolf Pack
April 13, 2018
By William Bo Vastine
In June 2013, the world learned what was meant by the term “Insider Threat” when a government contractor named Edward Snowden leaked classified information to media outlets to right what he perceived to be a wrong. Although we didn’t know it at the time, we would witness the damage one insider can do to an organization and, in this case, to America’s national security.
Edward Snowden breached the trust of his employers by exploiting his access to U.S. Government databases to reveal a treasure trove of classified documents to journalists.
Regardless of your politics or opinions regarding authority and transparency in government information collection strategies, the moral of the Edward Snowden story is that an insider can rationalize his/her actions to break policies and breach security controls to achieve their malicious objectives. What should be highlighted from this story is that insider threats are real, and they can do unimaginable damage.
Unfortunately, the Edward Snowden case presented the Insider Threat as a single individual with a score to settle, i.e., a lone wolf working for a nefarious cause. Imagine, if you will, that your organization employed not just one “Edward Snowden”, but dozens of them. Do you have the security controls and monitoring systems in place to identify the pack of wolves working to defeat your organization’s policies, procedures and security controls?
The threat facing the United States isn’t a Lone Wolf scenario like Edward Snowden. The real threat to American innovation is a “Wolf Pack” attack scenario. The “Wolf Pack” threat is multiple insiders, including employees, contractors and external partners, all working to steal information from their employer (versus a single individual that is looking to right a perceived wrong and exploiting his/her access to do so).
What if EVERY R&D organization in the United States was being targeted by foreign powers to steal American innovation? Unfortunately, as reported recently, America is under a persistent insider threat attack. And not all insider threats are created equal. The Nation State-Sponsored Insider Threat is the most pervasive and damaging of all insider threats.
Every day we see a deliberate and organized attack designed to steal our trade secrets. It comes in the form of disloyal visiting scientists, misrepresenting trade missions and delegations, nefarious academic exchange programs and venture capital infused in our research and innovation with the sole purpose of siphoning off American competitiveness.
- What does it mean to your organization?
- What does it mean to our economy?
- What does it mean to our National Security?
- Would your organization care?
- Would your organization do anything to stop it?
The network visualization chart below represents a real-life operational environment and the relationships established by Nation State-Sponsored Recruitment Programs to infiltrate and steal valuable innovation.
Insider Threat Risk Mitigation Best Practices
Organizations should consider implementing a risk mitigation strategic plan to reduce the likelihood and impact of an Insider Threat incident within their organization. It is considered a “best practice” among information and physical security, compliance and ethics practitioners to safeguard trade secrets and other innovation assets against the insider threat through the identification, assessment, and mitigation of suspicious insider behavior.
Trust Farm, LLC provides a turnkey Insider Threat Management-as-a-Service (ITMaaS) to assist organizations to identify, assess and mitigate risks related to the loss, theft, and misappropriation of trade secrets and other proprietary information. Contact us to learn more about our approach and Insider Threat Management solutions.