Revamping your insider threat program

Why it's important to do now, and factors to consider.

Think headlines about data theft and leakage have nothing to do with you? Think again. Many of these incidents have a common theme: Privileged access. It's your job to make sure your organization doesn't fall victim to the same fate by at the very least examining your existing insider threat program, and perhaps doing a major revamp.

Edward Snowden's theft and release of National Security Agency data, Army Private First Class Bradley Manning's disclosure of sensitive military documents to information distributor WikiLeaks and the shooting at the Washington Navy Yard by a credentialed IT subcontractor have given IT executives across industries pause to reconsider their security policies and procedures.

Tips for insider-threat mitigation

-- Sandra Gittlen

"A crescendo of discussions is happening in boardrooms everywhere about the impact an insider could have on corporate assets," says Tom Mahlik, deputy chief security officer and director of Global Security Services at The MITRE Corporation, a government contractor that operates federally funded research and development centers.

The Washington Navy Yard incident cost 12 people their lives; the full impact of the WikiLeaks and Snowden data releases cannot yet be quantified.

"These incidents have added another dimension to the threat paradigm -- privileged access," Mahlik says.

Mahlik suggests that existing insider threat programs must increasingly be focused on users with elevated or privileged access to critical information. To that point, he is leading an overhaul of MITRE's own program. His goal is to understand the threats insiders pose and to deter those threats via a program that synchronizes people, policies, processes and technology. "We are in the nascent stage of this effort," he says.

Realizing the new threat

See the rest here:
Revamping your insider threat program