How Government Contractors Can Prevent Insider Threats
With reports that another government contractor is under investigation for potentially leaking sensitive information, government contractors may wonder how to stem the tide of leaks gushing forth.
The FBI arrested a former National Security Agency contractor last August in an investigation over whether he stole and leaked classified computer code used to hack into the networks of foreign governments.
How are contractors affected?
Government contractors with a Facility Security Clearance are required by the Defense Security Service (DSS) to certify compliance with the National Industrial Security Operating Manual (NISPOM) by November 30. This requires contractors to “establish and maintain an insider threat program to detect, deter and mitigate insider threats.”
According to a panel of digital security experts, insider threats are much more difficult to prevent, since insiders have easier access to information. The Verizon Data Breach Investigation Report 2014 revealed that an estimated 25 percent of data breaches are from insiders, while 72 percent are from outsiders. Still, the damage caused by insider leaks is usually much more severe. It can take months or even years to detect a leak by an insider, and by then the information could be freely given away. Mitigating the damage after the leak could prove to be troublesome as well.
How can you help prevent insider threats?
Complying with NISPOM Change 2 by establishing an insider threat program is the first step. According to cyber security expert Steven Grossman, it isn’t enough.
“The greatest challenge is connecting the dots between what is known by government managers about how their contractors interact and access sensitive assets (which is accomplished via on site and technical behavior monitoring), business context surrounding those activities (via application security owners) and what is known by the contractor’s employer regarding the behavior of their employee,” Grossman said.
Grossman says the indicators for a leak are usually there, but detecting them requires the right combination of technologies and procedures to discover them before a leak occurs. Appointing a senior company official to enforce this insider threat program and its policies will not only help with compliance, but also help to mitigate threats.
But this is only the beginning. The NISPOM due date is just a starting point and the program is expected to evolve over the next several years as attackers continue to become more sophisticated and threats evolve. Protection from outside hackers and insider leaks is a constantly evolving battle, but if sufficient resources are allocated to it, you can save your company from severe damage to reputation and prevent the loss of sensitive information.