Insider Threat – One of the Biggest Risks We Face
The Obama Administration had more damaging leaks than any Presidential Administration in modern history. From the hundreds of thousands of highly classified diplomatic communiques leaked by Chelsea Manning to the devastating theft and release of millions of Top Secret U.S. Intelligence Community documents by Edward Snowden, insiders have caused exceptionally grave damage to the U.S. government and, ultimately, to the security of the American people. President Obama responded by issuing an Executive Order requiring every government agency to establish an Insider Threat program to deter, detect and investigate incidents involving unauthorized disclosure of government secrets. The implementing of regulations in most government agencies was expanded after the Navy Yard shooting and now includes unclassified but sensitive data and issues surrounding workplace violence.
The Executive Order apparently hasn’t had much impact, as well over two years after it was issued, a government contractor by the name of Robert Martin was arrested for stealing over 150 terabytes of information from the National Security Agency and six banker boxes full of Top Secret documents. Just to put this into perspective, a Terabyte of data is equivalent to 1,000 copies of the Encyclopedia Britannica. Ten Terabytes is equivalent to the complete printed collection of the Library of Congress. How can anyone at NSA, after the devastating lack of security controls that led to the theft of and disclosure of classified information by Edward Snowden, still be allowed to download data equaling over 15 times the entire contents of the Library of Congress?
Corporate America is not immune to significant losses of proprietary company information. It is increasingly difficult for companies to protect their most sensitive plans and trade secrets in today’s connected society. The social media phenomenon where everyone posts every detail about their lives creates incredible levels of risk for corporate America. In addition to employees unwittingly sharing way too much information about what they are working on in their social media posts, insiders are still responsible for the greatest number of trade secret thefts and other proprietary information losses.
Security executives need to work harder than ever in establishing programs that educate employees, resident contractors and supply chain partners relative to the need to safeguard sensitive company information. Security awareness training can’t be just tacked onto the new employee orientation program. It must be a significant and ongoing effort that includes frequent reminders of the responsibilities and obligation to safeguard sensitive company information. It is equally important to establish strong security policies, procedures and processes addressing the use and protection of sensitive information. In addition, companies must be much more aggressive in monitoring what employees are doing with the information to which they have access. Corporate America’s future depends upon aggressively safeguarding its crown jewels.