
Insider Threat Detection

Companies and the information they house are exposed by a variety of attacks that could destroy or manipulate electronic information, unless adequately protected. Most people see these attacks as a threat from outside of the organization, as most viruses and malware make their way into the system from external sources. However, in many cases, the greatest threats to companies originate inside their own system.

Understanding Insider Threats

The FBI Counterintelligence group notes that the “thief who is harder to detect and could cause the most damage is the insider – the employee with legitimate access.” Employees who are insider threats may steal for personal gain, as an agent or spy for another company, and in some instances, as an agent or spy for another country.

These individuals typically engage in the theft or editing of intellectual property, personnel information, financial records or compliance data. While most insider threats are malicious and intentional, there are also occasions where an employee accidentally shares or distributes information, which can also constitute an insider threat.

Identifying Insider Threats

According to the FBI Counterintelligence group, there is a set of personal factors that can indicate internal data theft. Some of these factors include:

  • Greed or heightened financial stress.
  • Vulnerability to blackmail.
  • Anger or revenge toward the organization.

You can also look for behavioral clues. Potential indicators of theft are:

  • Frequently takes materials home, even when there isn’t a specific need to do so.
  • Copies a lot of material, even when there isn’t a specific need.
  • Accesses the company network remotely at strange times, such as while on vacation.
  • Works unusual hours without need or authorization, stays late or comes in early.
  • Becomes paranoid about being investigated, watched or listened to.

Managing Insider Threats

One of the biggest challenges with insider threats, especially cyber threats, is catching and managing threats before they can access too much information. The attacks can happen quickly and, without real-time monitoring and dialogue between security systems, can go unnoticed until it is too late.

To help in the management and early prevention of cyber threats, scientists at the Department of Energy’s Argonne National Laboratory have developed a security program called the Federation Model for Cyber Security. The Federation Model is designed to help cyber security defense systems communicate instantly and effectively when an attack is detected. The benefit of this system is knowledge: by alerting other systems that an attack is in progress, they will be able to take measures to protect information.

This model takes a new, real-time approach that DOE scientists, including Lewis University instructor Matt Kwiatkowski, believe will strengthen overall insider cyber security threat support, as hostile activity typically attacks multiple systems simultaneously.

The Federation Model for Cyber Security is available for private use, and can transmit information on the domain names and IP addresses of the threats in progress. Scientists anticipate that in the near future the system will be able to also capture and share emails and URLs related to the threat, which will make detecting insider cyber security threats specific down to the individuals involved.

Preventing Insider Threats

In addition to managing threats, the Federation Model for Cyber Security provides preventive benefits for organizations that utilize it, as alerting employees to the specificity of threat detection can deter would-be attackers.

Other strategies for reducing the likelihood of threats, including personal adjustments and other technical considerations, are:

  • Setting up monitoring programs for computer networks.
  • Tracking remote access.
  • Setting up keystroke logging software.
  • Ensuring that information is properly classified and high-classification items are kept behind limited access firewalls.
  • Educating individuals on what constitutes a theft or threat, and how to report it.
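
As an added illustration (not part of the original article), the Python example below applies the "tracking remote access" strategy to two of the behavioral indicators listed earlier: remote access at unusual hours and remote access while on vacation. The log format, leave calendar, working hours and all user names and addresses are constructed assumptions.

```python
from datetime import datetime, date

# Constructed sample data: remote logins as "ISO timestamp,user,source IP".
SAMPLE_LOG = """\
2024-03-04T09:12:00,alice,203.0.113.10
2024-03-05T02:47:00,bob,198.51.100.7
2024-03-06T14:30:00,carol,203.0.113.22
2024-03-09T11:05:00,alice,203.0.113.10
2024-03-07T10:00:00,dave,192.0.2.55
malformed line without fields
"""

# Constructed leave calendar: user -> list of (first day, last day), inclusive.
LEAVE = {"carol": [(date(2024, 3, 4), date(2024, 3, 8))]}

WORK_START, WORK_END = 7, 19  # assumed normal hours: 07:00 to 18:59 local time


def review_remote_access(log_text, leave=LEAVE):
    """Return (findings, skipped); each finding is (user, timestamp, reasons)."""
    findings, skipped = [], 0
    for line in log_text.splitlines():
        parts = line.strip().split(",")
        try:
            ts = datetime.fromisoformat(parts[0])
            user = parts[1]
        except (ValueError, IndexError):
            skipped += 1  # count unparseable lines rather than silently dropping them
            continue
        reasons = []
        if ts.weekday() >= 5:  # Saturday or Sunday
            reasons.append("weekend")
        elif not WORK_START <= ts.hour < WORK_END:
            reasons.append("off-hours")
        if any(start <= ts.date() <= end for start, end in leave.get(user, [])):
            reasons.append("on-leave")
        if reasons:
            findings.append((user, ts.isoformat(), reasons))
    return findings, skipped


if __name__ == "__main__":
    flagged, bad_lines = review_remote_access(SAMPLE_LOG)
    for user, when, why in flagged:
        print(f"{when} {user}: {', '.join(why)}")
    print(f"unparseable lines: {bad_lines}")
```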

Insider threat detection is an important asset for modern companies. Be sure to have an individual experienced with information security on staff and engaged in the daily technology operations of your organization to keep your intellectual property and sensitive records secure and well protected.

Discover More

Business demand for specialized knowledge in a growing digital world will continue to expand as new technology security concerns arise. Lewis University’s online M.S. in Computer Science with a concentration in Cyber Security teaches students how to identify cyber threats, design combative software systems against an attack and investigate the aftermath using digital forensics tools. To learn more about the master’s degree, call (866) 967-7046 to speak with a Graduate Admissions Counselor or request more information.