Former CIO of the FBI: Be prepared for insider security threats

Retroactive, defense-minded strategies no longer fit within the new normal that information and security officers face today. Companies must modernize their cultures, mindsets, processes, and systems and shift to a proactive stance by developing detection and response methodologies that equal the speed and scale that hackers bring to bear in today’s modern threat landscape.

Most chief information security officers focus solely on battling malicious activity from the outside-in, completely ignoring the threat within their own walls. Insider hacking accounts for 35 percent of all cyber attacks and cost US companies $40 billion in 2013 alone, according to SpectorSoft. The Morgan Stanley, NSA, and Sony security incidents are examples of preventable breaches potentially orchestrated with the help of employees and/or contractors. The large majority of these attacks result simply from poor housekeeping with outdated tools.

Fortunately, there are simple, common sense steps companies can take to protect themselves and their data.

Do the easy stuff first

Keep your operating system patches, third-party applications, antivirus software, and firewalls up-to-date and ensure systems require strong authentication. Consider a digital rights management program and encrypt important data. It might sound easy or trivial, but organizations that have a large number of endpoints and sensitive data simply are unable to keep their systems standardized and up-to-date. Hardened targets will thwart many attacks.

Access management should be a top priority 

Give your employees exactly the amount of access that they need to do their jobs, and nothing more. The two overarching themes in an effective access management program are “least privilege” and “need to know”. In addition, embrace application whitelisting as a network-wide policy to protect from malware and unapproved applications without taxing your team. And don’t forget: Access management extends to physical spaces.

Monitor for abnormal behavior

Understanding your employee patterns — and when someone deviates from them — exponentially strengthens your defense against insider threats. Perhaps someone accessed the building outside of their normal working hours, downloaded a huge amount of data, or printed an unusual amount. A data retention and analytics program can alert you of suspicious behaviors and activities, and flag potential issues before they materialize.

Think like an investigator

Establish relationships with the local FBI special agents in your area prior to needing their assistance. Work with law enforcement and your legal team to define retention policies and to implement appropriate processes for handling evidence. Compile electronic communications into a central legal records repository, including email, SMS, pin-to-pin, instant messaging, faxing, printing, scanning, and copying. A holistic data collection, retention, and search program is paramount to an effective counter intelligence program.

Follow your devices out the door

“Continuous monitoring” is no longer good enough — a security platform should enable “continuous compliance.” You need to communicate with your devices even when they leave your network. Continuous compliance should allow you to immediately query, take action, update software, and set alerts for devices. As long as your devices are connected to the Internet, they must remain under your watchful eye.

Background checks are a must

Many companies fail to really understand whom they are hiring. You should not only conduct criminal background checks, but you should also check for problematic financial information that could make individuals susceptible to bribery and blackmail. In the end, people will always be the weakest link in your security program and you should spend time, energy, and money ensuring that you are hiring, training, and motivating a loyal, security-conscious workforce.

Chad Fulgham is the chief strategy officer for Tanium. In his career, Chad has held top security positions across the U.S. government, Wall Street and Silicon Valley.  Chad has served as the chief information officer of the FBI, a vice president of Lockheed Martin, and a senior vice president with Lehman Brothers.