Snapshot Of Insider Threats Within Government
“Our problems are man-made. Therefore, they may be solved by man. And man can be a big as he wants. No problem of human destiny is beyond man.”
– John F. Kennedy
As we know, Insider Threat affects both the public and private organisations.
Insider threats are one of the biggest security challenges that Government face.
The sheer complexity of Government infrastructure and the critical and sensitive value of the information Government possess makes it easy for a clumsy or a malicious insider to compromise security and potentially cause severe damage.
Some of the most significant insider threat incidents took place within Government.
- Classified documents from Britain’s Defence Ministry containing details about a British warship and Russia’s potential reaction found in a soggy heap at a bus stop (2021)
- A former intelligence analyst for the US Federal Bureau of Investigation (FBI) has been indicted for stealing confidential files over 13 years (2021). Classified material included documents relating to cybersecurity threats, terrorism, intelligence bulletins, open FBI investigations, human operations, and files describing the “technical capabilities of the FBI against counterintelligence and counterterrorism targets.”
- Ex NSA worker (Harold Martin III) was charged in august 2016 for stealing 50 terabytes worth of data during two decades.
- Office of Personnel Management (OPM) breach in June 2015 compromised 21.5 million Government records.
- In Australia, in 2014–15 an Australian Bureau of Statistics (ABS) officer working at the Bureau’s Canberra headquarters was convicted of offences relating to the unauthorised disclosure of sensitive statistical information. Over nine months, the ABS officer provided an acquaintance in the banking industry with unpublished market-sensitive economic data, which netted approximately $7 million in illegal foreign exchange trades.
- Edward Snowden, a former contractor for the CIA, was charged in June 2013 by the US Department of Justice with two counts of violating the Espionage Act of 1917 and theft of Government property. It was estimated that he had copied, stolen, or downloaded around 1.7 million NSA documents, according to the Department of Defense.
- Chelsea Elizabeth Manning (Bradley Edwards Manning) in 2009 and 2010 leaked hundreds of thousands of documents, many of them classified—to WikiLeaks. As a result, she was charged with 22 offences, including aiding the enemy.
The CERT Insider Threat Centre (NITC) contains over 1,500 insider threat incidents used as a foundation for their empirical research and analysis.
Overview of Insider Threats within Federal Government
In total, CERT identified 77 non-espionage insider incidents where a Government agency was both the victim organisation and the direct employer. However, there were 34 additional incidents where an insider incident impacted an agency at another organisation.
By and large, these were incidents where a federal government organisation had employed a consultant or contractor.
The number one most observed Insider Threat incident with Federal Government was Fraud, followed by “Other Misuse”.
Insiders have a significant advantage over external attackers. This is because not only they are aware of the organisation policies, procedures and technology, but they are also often aware of the vulnerabilities.
Insider incidents are inevitable, and at some point, your organisation is likely to be compromised.
While this is unfortunate, it is a reality that must be proactively prepared for if your organisation is to withstand such threats.
Remember, there is no silver bullet in preventing insider threats. Having too many security restrictions can impede an organisation mission, and having too few may permit a security breach.
Fraud Snapshot Analysis
Around 61% of incidents impacting federal organisations involved Fraud. It included issues of fraud, waste, and mismanagement of federal funds.
- Who?
- 45.8% of insiders were worked with the organisation for five years or more
- 69.4% of insiders had an authorised account, and data
- 89.5% were full-time employees.
- What?
- 52.2% of the targets in Fraud incidents were related to personally identifiable information.
- When?
- For incidents where the attack was known (27), all involved during business hours. Half of these also involved activity outside work hours. No fraud activities were determined that only took place outside of work hours.
- Where?
- Around 97.6% of incidents took place on-site when attack location was known (41);
- Why?
- Around 97.8% committed insider Fraud because their motivation was financial gain.
As mentioned, the second most observed Insider Threat incident with Federal Government was “Other Misuse”.
Other Misuse by insiders can be described as those incidents that involve the unauthorised use of organisational devices, networks, and resources that are not better classified as Theft of IP, IT Sabotage, or Fraud.
Examples of Other Misuse include the use of organisational resources for personal benefit (e.g. obtaining access to colleagues’ emails without consent or a proper business purpose) or committing another kind of cyber-related crime (e.g. stalking or purchasing drugs), which in turn violate organisational policies.
Further Analysis
Insiders committing Fraud in Government tended to be in trusted positions and committed the incident during working hours.
The median financial impact was between $75,712 and $317,551, and three fraud incidents had a financial impact greater than $1 million or more.
Final Thoughts
Insiders who commit fraud are usually low-level employees who use authorised access during regular business hours to either steal information or modify information for financial gain. Insider fraud crimes are often long and ongoing and are bad news for the actual organisation.
Stolen information is usually Personable Identifiable Information (PII) such as payroll or other sensitive information, which is then sold to outsiders who commit the actual fraud against the organisation.
Perhaps the most notable feature of insider incidents within the Government was how prevalent incidents of Other Misuse. It is most likely that insiders that committed Other Misuse generally did so in furtherance of an additional crime.
Suggested Mitigation Strategies
- Mitigation protection for fraud-related crimes starts with better screening and identification of employees at hiring.
- Some insiders accumulate excessive privileges that enable them to carry out their crimes. It is therefore essential that you carefully control and audit roles.
- If possible, enforce separation of duties with all of your critical processes.
- A monitoring strategy for fraud should include monitoring access and data modification. May also include frequent random auditing on critical information fields.
- Utilise user activity monitoring solutions to identify user activities that can be used to detect fraudulent activities.
- Encourage employees to recognise and report suspicious behaviour, including outside facilitation.
- Develop an employee assistance program that includes financial counselling.
Need Help?
Are you experiencing an insider threat situation right now and not sure how to address it?
Are you interested in standing up an insider threat program?
If so, here is a simple two-step process for you to follow:
- Download the following article – “How To Develop An Insider Risk Mitigation Program In 7 Steps” – https://www.nakedinsider.com/InsiderRiskMitigationStrategy
- Please schedule a time to discuss your requirement.
- You can either call us on +61 2 6282 5554 or alternately or
- visit the Naked Insider website nakedinsider.comand leave your details so that we can follow up with you afterwards.
