Advanced Computing in the Age of AI | Saturday, July 13, 2024

Slam the Door Against Insider Threats 

(Source: Shutterstock - R.Iegosyn)

When a banker falls behind on the mortgage, a physician gets arrested for driving under the influence, or a contractor is working on a sensitive federal construction site under an alias, these instances would sound alarms – if employers knew.

After all, employees could be more liable to steal, plot nefarious deeds, or fall prey to blackmail because of their criminal or financial situations. But too often, employers do not revisit workers' criminal or financial lives after the pre-hiring background check – and that can lead to cybersecurity and physical dangers.

In fact, 62 percent of security professionals saw more insider threats over the past 12 months, according to "The Insider Threat Report," released on June 18 by the Information Security Community on LinkedIn. The reasons? Insufficient data protection strategies or solutions (53 percent); the fact that data is increasingly leaving the network perimeter via mobile devices and web access (50 percent); and lack of employee awareness and training (50 percent), the report found. As a result, 64 percent of security professionals feel extremely, very, or moderately vulnerable to insider threats, according to the study.

Forty-five percent of those surveyed were unsure whether they had suffered an insider breach, but 22 percent blamed insiders for between one and four breaches in the past year. Almost one-fourth said they had undergone no insider breaches, the report said.

To combat insider threats, 75 percent of organizations monitor applications' security configurations and controls. Approximately half use server logs to monitor users' behavior and 28 percent rely on dedicated user activity monitoring. In addition, 21 percent continuously monitor user behavior and proactively monitor threats, the study showed.

By continuously analyzing publicly available information, organizations can help protect themselves when an employee's potential risk changes, said Raj Ananthanpillai, CEO of IDentrix, in an interview. The cloud-based platform, whose government edition is used by the Department of Homeland Security and the transportation industry, became available to commercial organizations in December 2014, he said.

"To catch terrorists is a government job. Commercial enterprises are more concerned about internal threats – about fraud, loss, and things like that," he said. "They worry about people doing harm to their brand and people stealing stuff."

IDentrix monitors between 65 and 70 publicly available attributes, said Ananthanpillai.

"In the transportation sector, I want to know if somebody got pulled over for drunk driving because my truck drivers are essential to my business and if they cause damage that is a huge liability to my company. Nine times out of 10, drivers self-report. But not always," he said.

In this example, when the DUI occurs, the system emails the administrator to say there's an update to an employee. The administrator then must log on through the portal, which has multi-factor authentication, said Ananthanpillai. Organizations then can monitor the employee to follow the case and its outcome, he said.

Drunk driving might be of less interest to a financial institution, but a bank manager suddenly in financial straits could be of more concern, Ananthanpillai noted. Or a person who earns $100,000 who buys a $1 million boat could warrant further scrutiny, he said.

"You can provide relevancy as well, what is more relevant than others. Financial services may have different kinds of alerts. They have to further investigate those kinds of alerts," said Ananthanpillai. "You have to due process."

To Protect and Serve

Real-Time Technology Group, whose clients include the Port Authority of New Jersey, develops "trusted communities of people," including the contractors and construction workers who built the new World Trade Center, said CEO and co-founder Dan Krantz. Having true continuous monitoring enhances security and brings down the cost, allowing more organizations – government and commercial – to enhance their security, he said.

Construction cranes near the Freedom Tower. One World Trade Center is the primary building of the new World Trade Center site in Manhattan (Source: Ffooter /

"One of the key challenges is reducing the cost of background screening. A real tool in reducing the cost will be IDentrix," Krantz told Enterprise Tech. "You're not waiting three years to do a screen on somebody. You're narrowing the cost of investment and adjudication to a specific charge. It will reduce [our] background screening cost by as much as 40 percent which is a big number."

Transparency is crucial to continuous monitoring and it's vital for employers to be open about the process, he said. For example, more than 40 unions embraced Real-Time's Secure Worker Access Consortium, which guarantees members' identities and access authorizations, said Krantz.

For example, Real-Time discovered three members were dead, insight it might not have gathered until the next three-year background check and identifications that criminals could have used to gain access to the sensitive construction site, he said. It also found some aliases and arrest records for "potentially disqualifying offenses," added Krantz. But, he cautioned, these individuals probably found jobs elsewhere, at an organization that doesn't conduct such stringent security checks.

"No matter what attribute is relevant – in finance markets it might be liens and judgments – those are indicators someone might be susceptible to taking a briefcase full of money so someone can get on the floor of the stock exchange," he said. "That is very valuable to all sorts of threats in all sorts of vertical markets. People understand the need and embrace the need to securely and privately become knowing of certain personnel attributes but the public wants it to be relevant so it's not intrusive or deemed as Big Brother. In the N.Y. program, we have support of over 40 of the area's largest unions. Participating in these types of programs makes them known as skilled, known, and threat-free unions."

Continuous monitoring could have prevented the September 11 attacks if defense or other organizations had monitored the terrorists who hijacked the airplanes during their training, said Krantz. "If we had insight into pilots who knew how to take off but didn't know how to land, we could have averted 9/11. These particular individuals seemed to be much more interested in taking off than landing," he explained. "It's that kind of actionable intelligence we need to find before they fly into the World Trade Centers – and that's what we as a company want to do."

About the author: Alison Diana

Managing editor of Enterprise Technology. I've been covering tech and business for many years, for publications such as InformationWeek, Baseline Magazine, and Florida Today. A native Brit and longtime Yankees fan, I live with my husband, daughter, and two cats on the Space Coast in Florida.