"Is your organization Edward Snowden-proof?"
That's the kind of line cybersecurity software makers have been pushing in the months since contractor Edward Snowden published internal data from the National Security Agency. Snowden's leaks were damaging to the government, but the private sector also took the lesson to heart. Most large companies have some kind of sensitive data, and Snowden is their worst nightmare: the high-level techie gone rogue.
Insider attacks account for about 20 percent of cyberattacks, according to industry reports, including a 2011 survey conducted by CSO Magazine. Though they may be rarer than threats from outside hackers, they tend to be the most costly. Firms that had to deal with insiders who turned against them report greater disruption to critical systems, loss of proprietary information, and harm to their reputation, in addition to higher monetary damages.
The specter of Snowden is haunting the private sector
With all this in mind, the specter of Snowden is haunting private companies. Increasingly, workers in security operations centers — the IT hubs in large enterprises that deal with security — are being asked to monitor for insider threats. At the same time, security software makers are peddling their wares by dropping the whistleblower's name.
A cardboard cutout of Snowden greets visitors at the beginning of the sponsor hall at this week’s Black Hat security conference, put there by FileTrek, a security firm that tracks all files that enter and exit a company’s system. In August, the cloud security software maker HyTrust will host a webinar on "Filling the Snowden Hole." Last week, the subject line of an email blasted out by the trade publication SearchSecurity.com read, "Why an Edward Snowden incident could happen to you," which one industry veteran told The Verge was "little more than ambulance chasing."
During a talk at Black Hat called "Combating the Insider Threat at the FBI," Patrick Reidy, the former chief information security officer for the Federal Bureau of Investigation, outlined his research on threats from "an authorized user, doing authorized things, for malicious purposes." Malicious insiders account for about 19 percent of cyberattacks at the FBI, but those incidents were about twice as costly as all the attacks by outsiders.
The best way to combat these threats is to know everything about your employees, Reidy said, especially past firing and hiring history and, of course, what data they're supposed to be accessing. The next preventative move is to set up a system to carefully monitor when data enters and leaves the company system and watch for anomalies. There are software tools that can help prevent insider leaks, he said, but many tools marketed this way are ineffective.
Snowden was not a typical insider threat
Companies do have good reason to fear threats coming from inside the building, but the data show that Snowden was not a typical insider threat. His job as an infrastructure analyst granted him a lot of access, while only about 1.5 percent of espionage cases involve privileged users. He was standing up for a cause he believed in, while most malicious insiders are mercenary. The fear of an "Edward Snowden incident" is prompting more companies to lock down their internal operations, but he's not the type of person they should be worried about. We're not entering an era of vigilante data liberators who must be kept in check by expensive software. The real insider threat is the same as it always was: mostly low-level employees just trying to make a buck on the side. And, again, even the fanciest software is going to have a hard time preventing that.