From: Defense Systems/Commentary
By Chris LaPoint
When people think of the term “inside job,” they typically envision a “Thomas Crown Affair”-type Hollywood thriller, filled with crooks using their wits and technology to stealthily make off with stolen goods under the cover of night.
For DOD IT teams, the reality of an insider threat may be far more mundane, though no less critical. In a recent survey by my company, SolarWinds, 53 percent of DOD respondents said that careless or untrained inside resources posed a serious threat to security – a higher percentage than the usual suspects, including foreign governments, terrorists or external hackers. Insider data leakage and theft were also mentioned as top concerns by a significant number of respondents.
There are many reasons why insider threats have become so commonplace. For one, there’s the proliferation of personal devices on secure government networks. For another, there’s always the threat that someone on the inside – someone like Edward Snowden, for example – could be planning to use his or her internal credentials to access proprietary data. Finally, there’s also the fact that sometimes people make mistakes and simply forget to take all of the necessary precautions to lock something down.
But while the threat level is real – and rising – there are several things defense systems managers can do about it.
1. Keep a close eye on suspicious activity
It’s like going on a virtual stakeout, but hopefully without the stale donuts and cold coffee. Instead, DOD administrators can sit back comfortably – as long as they’ve implemented a continuous monitoring system that can be their eyes and ears. The system can be set to continually scour activity on the network and automatically alert IT teams to potential breaches, data leaks or suspicious activity. Security Incident and Event Management (SIEM), Network Configuration and Change Management (NCCM), and User Device Tracking are examples of popular tools employed to deliver continuous monitoring.
Leave a Reply