Pentagon Leak Shines a Spotlight on Insider Threat

The recent headline featuring the leak of classified Pentagon documents is this month's high-profile example of the insider threat, a phenomenon that occurs more regularly than most people realize, in the public sector as well as the private sector. With an arrest made and investigations underway to determine the full scope and implications of the leak, it is shaping up to be one of the most damaging breaches in years.

In the aftermath, the situation also raises questions about the procedures the U.S. government has in place, or is putting in place, to protect sensitive information and ultimately safeguard national security. While many U.S. agencies have improved their ability to detect anomalies in the movement of data, an insider risk management solution is the most direct way to analyze and anticipate the evolving risk originating from inside actors: employees, partners and vendors with legitimate access to systems and sensitive data.

The spotlight is on an Insider

An insider is any person who has or had authorized access to or knowledge of an organization’s resources, including personnel, facilities, information, equipment, networks, and systems. 

An insider threat is the potential for an insider to use their authorized access or understanding of an organization to harm that organization. This harm can include malicious, complacent, or unintentional acts that negatively affect the integrity, confidentiality, and availability of the organization, its data, personnel, or facilities. 

At the center of the Pentagon case is an insider: a 21-year-old Air National Guardsman who held the top secret clearance required for his job as a cyber defense operations journeyman. He now faces criminal charges under the Espionage Act.

What security controls?

This latest leak raises questions about how the U.S. government is able to protect against such breaches. Who should have access to what, and how much of it?

Coverage from various media sources cites security policies and risk controls for handling both digital and printed classified documents, along with digital logs that capture evidence for the investigation and any prosecution that results.

But as we know, insider threat activity often goes undetected and evades typical security solutions, which tend to focus on external attack vectors.

In the case in question, hundreds of classified documents were allegedly removed from the accused Guardsman's office and then shared in an online community with millions of users. Reports suggest that months passed before the leak was discovered, and the extent of the disinformation spread since its disclosure is hard to quantify.

Critical capabilities for spotting risk

The insider threat surfacing in this case underscores the need for key defenses that an insider risk management solution is designed to address. Let's discuss a few.

System and endpoint monitoring
Real-time threat detection monitors infrastructure and network activity to identify trends and anomalies against modeled behavior and custom-configured security policies. Security oversight and continuous inspection of all devices, including cloud services, offsite computers, and peripherals such as printers (through Lexmark printer integration), extends coverage from digital files to hard copies.

Secure data in use, at rest and in motion
Analytics of how users access and handle sensitive data, proprietary files, PII and account information establish which behaviors represent risk. Advanced threat detection in email, mobile, social, and employee collaboration tools keeps sensitive data safe across all channels, on and off the network.

Real-time risk insights
Trend and risk analysis, coupled with real-time alerts on changes in behavioral patterns and potential non-compliance, lets security teams triage and contain an incident before data leakage or damage occurs.

Event forensics
Dashboard views provide real-time investigation of who did what, when, where and why, so responders can decide how to handle an incident. With timeline and trending information for different event categories, administrators can quickly investigate and address ongoing issues or newly developing trends.
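The four capabilities above describe the detection side of insider risk management in the abstract: a behavioral baseline per user, policy rules for the highest-risk actions (such as printing classified material), and alerts that carry the who/what/when/where a forensic timeline needs. The following is an added example written for this page, not innerActiv product code and not from the original post. It assumes a simple whitespace-separated event format, the classification markings U/S/TS, a 07:00 to 18:00 work-hours window, a z-score threshold of 3, and a constructed event log in which one user's document volume jumps on the evaluation day.

```python
"""Baseline-and-policy alerting over endpoint document events.

Added illustration only: the event format, markings, work-hours window and
z-score threshold are assumptions, and every log line is constructed for
the example, not taken from any real system or investigation.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import date, datetime, time
from statistics import mean, pstdev

SENSITIVE = {"S", "TS"}                  # markings treated as sensitive (assumed)
WORK_HOURS = (time(7, 0), time(18, 0))   # assumed policy window for off-hours checks
EGRESS_ACTIONS = {"print", "copy_usb"}   # actions that move data to paper or removable media


@dataclass
class Event:
    ts: datetime
    user: str
    host: str
    action: str   # open | print | copy_usb
    obj: str      # document identifier
    marking: str  # U | S | TS


@dataclass
class Alert:
    who: str
    when: str
    where: str
    what: str
    why: str


def parse_events(text: str) -> list[Event]:
    """Parse lines of the form: <iso timestamp> <user> <host> <action> <object> <marking>."""
    events = []
    for line in text.strip().splitlines():
        ts, user, host, action, obj, marking = line.split()
        events.append(Event(datetime.fromisoformat(ts), user, host, action, obj, marking))
    return events


def daily_sensitive_counts(events):
    """user -> date -> number of events touching sensitive documents."""
    counts = defaultdict(lambda: defaultdict(int))
    for e in events:
        if e.marking in SENSITIVE:
            counts[e.user][e.ts.date()] += 1
    return counts


def build_baseline(events, cutoff: date):
    """Per-user (mean, population stdev) of daily sensitive-document events before cutoff.
    Days with no sensitive activity count as zero so quiet days pull the baseline down."""
    hist = [e for e in events if e.ts.date() < cutoff]
    days = sorted({e.ts.date() for e in hist})
    if not days:
        return {}
    counts = daily_sensitive_counts(hist)
    baseline = {}
    for user in {e.user for e in hist}:
        vals = [counts[user].get(d, 0) for d in days]
        baseline[user] = (mean(vals), pstdev(vals))
    return baseline


def evaluate_day(events, baseline, day: date, z_threshold: float = 3.0) -> list[Alert]:
    todays = [e for e in events if e.ts.date() == day]
    alerts = []
    # Behavioral check: today's sensitive-document volume against the user's own baseline.
    # A user with no baseline, or a perfectly flat one, gets sigma floored to 1.0, so a
    # jump of z_threshold events or more fires; tune that floor on real data.
    for user, per_day in daily_sensitive_counts(todays).items():
        n = per_day[day]
        mu, sigma = baseline.get(user, (0.0, 0.0))
        z = (n - mu) / (sigma if sigma > 0 else 1.0)
        if z >= z_threshold:
            hosts = ",".join(sorted({e.host for e in todays if e.user == user}))
            alerts.append(Alert(user, str(day), hosts, f"{n} sensitive-document events",
                                f"z={z:.1f} vs baseline mean {mu:.1f}"))
    # Policy checks: fire on a single event regardless of baseline.
    for e in todays:
        what = f"{e.action} {e.obj} ({e.marking})"
        if e.marking == "TS" and e.action in EGRESS_ACTIONS:
            alerts.append(Alert(e.user, e.ts.isoformat(), e.host, what,
                                "policy: TS material to paper or removable media"))
        if e.marking in SENSITIVE and not (WORK_HOURS[0] <= e.ts.time() <= WORK_HOURS[1]):
            alerts.append(Alert(e.user, e.ts.isoformat(), e.host, what,
                                "policy: sensitive access outside work hours"))
    return alerts


def constructed_sample_log() -> str:
    """Constructed events (not real data): five quiet baseline days, then one evaluation day."""
    lines = []
    for d in ("2023-01-02", "2023-01-03", "2023-01-04", "2023-01-05", "2023-01-06"):
        lines += [f"{d}T09:15:00 alice ws-12 open doc-101 S", f"{d}T14:30:00 alice ws-12 open doc-102 S",
                  f"{d}T10:00:00 bob ws-07 open doc-201 S", f"{d}T11:00:00 bob ws-07 open doc-900 U"]
    lines += ["2023-01-09T09:20:00 alice ws-12 open doc-101 S",
              "2023-01-09T10:05:00 bob ws-07 open doc-201 S", "2023-01-09T10:06:00 bob ws-07 open doc-202 S",
              "2023-01-09T10:07:00 bob ws-07 open doc-203 S", "2023-01-09T10:08:00 bob ws-07 open doc-204 TS",
              "2023-01-09T10:09:00 bob ws-07 open doc-205 TS", "2023-01-09T14:00:00 bob ws-07 print doc-204 TS",
              "2023-01-09T15:00:00 alice ws-12 open doc-103 S", "2023-01-09T20:30:00 bob ws-07 open doc-206 S"]
    return "\n".join(lines)


def run_sample(eval_day: str = "2023-01-09"):
    """Build the baseline from the constructed history and score the evaluation day."""
    events = parse_events(constructed_sample_log())
    day = date.fromisoformat(eval_day)
    baseline = build_baseline(events, day)
    return baseline, evaluate_day(events, baseline, day)


if __name__ == "__main__":
    for a in run_sample()[1]:
        print(f"{a.who} | {a.when} | {a.where} | {a.what} | {a.why}")
```

On the constructed data, alice stays at her usual two sensitive documents a day and raises nothing, while bob produces three alerts: a volume anomaly (seven sensitive-document events against a baseline of one), a policy hit for printing a TS document, and an off-hours access. One caveat that matters for the case discussed above: the baseline is learned from whatever history the tool sees, so if the leaking behavior had already been going on for months when monitoring started, it would look normal to the behavioral check, and only the policy rules (or a baseline built from peer users rather than the individual) would still catch it.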

Take the steps to protect your organization from insider threat

Bottom line: to stop insider threats, both malicious and inadvertent, you must monitor continuously and act when incidents arise. Organizations are investing more in technology, manpower, and training to combat insider threat. Are you ready to decrease your risk with the innerActiv insider risk intelligence platform?
