1

Insider Threats

Tom McAndrew

1

Ninja

2

ONNA- “Woman”

Ninja

Shinobi

KU – “NINE”

NO – “AND/TALENT

ICHI – “ONE”

HIMEJI Castle

American Ninja Warrior

3

Today’s Threats

4 http://www.nsa.gov/research/tnw/tnw194/article2.shtml

“The ongoing cyber-thefts from the networks of

public and private organizations, including Fortune

500 companies, represent the greatest transfer of

wealth in human history.”

ONCIX

5

ONCIX

6

• Insider threats remain the top counterintelligence challenge to our community.

• Over the past century, the most damaging U.S. counterintelligence failures were perpetrated by a trusted

insider with ulterior motives.

• In each case, the compromised individual exhibited the identifiable signs of a traitor – but the signs went

unreported for years due to the unwillingness or inability of colleagues to accept the possibility of treason.

• Insiders … are people who have been lured to betray their nation for ideological reasons, a lust for

money or sex, or through blackmail.

• Mankind's methods may change – but core motivations do not.

• Insiders convicted of espionage have, on average, been active for a number of years before being

caught.

• The damage caused by malicious insiders will likely continue to increase unless we have effective

insider threat detection programs that can proactively identify and mitigate the threats before

they fully mature.

http://www.ncix.gov/issues/ithreat/index.php

NITTF

7

Six Recommendations from FBI

8

“Remind employees that reporting security concerns is vital to protecting your company’s intellectual property, its reputation, its financial well-being, and its future. They are protecting their own jobs. Remind them that if they see something, to say something.” – FBI Insider Threats

Ease of Implementation

Less Technical More Technical

2. Educate and regularly train employees on security or other

protocols

4. Ensure that proprietary information is adequately, if not

robustly, protected.

1. Use appropriate screening processes to select new

employees.

3. Provide non-threatening, convenient ways for employees

to report suspicions.

5. Routinely monitor computer networks for suspicious activity.

6. Ensure security (to include computer network security) personnel have the

tools they need.

FBI: http://www.fbi.gov/about-us/investigate/counterintelligence/the-insider-threat ONCIX: http://www.ncix.gov/issues/ithreat

Why we need Network Analytics?

9

Rapid Adoption of 4 “Game Changing” Technologies

10

Final Note

11

Thanks for listening.

Tom McAndrew

Tom.mcandrew@coalfire.com