As the National Counterintelligence and Security Center’s National Insider Threat Awareness Month (NITAM) nears its conclusion, it is appropriate to highlight the importance of training in every Field Security Officer’s (FSO) counterintelligence and insider threat program regime. Employees are our greatest asset and occasionally our greatest liability. While training is not always done well, it is still a key tool to reduce the likelihood of that asset evolving to be that liability.
Insider theft and fraud are two areas of concern
When thinking insider threat, Yash Prakash, Chief Strategy Officer, Saviynt proffered his two areas of concern which highlight the need for training the employee.
- Exfiltration of sensitive data: Today, Malicious insiders continue to grow more sophisticated in their attacks, as they are motivated to exfiltrate critical data. Enterprises should focus on prevention. Companies can halt data exfiltration by understanding who has access to what – and what those individuals are doing with this access. This approach allows businesses to spot threats earlier and prevent data loss and collateral damage from breaches, including loss of trust and potential fines.
- Fraud: Malicious insiders with access to critical systems might defraud the organization with illegal financial transactions that fly under the radar due to the access levels that they might have obtained. This could be due to a lack of Separation of Duties (SoD) controls or verifying the transaction for internal fraud.
We are familiar with the case of Izaak Kemp, Reality Winner, Harold Martin, and others who have secreted classified information on their person and carried it out the door for their own purposes, some nefarious and others simply odd. Similarly, the case of Varita Quincy comes to mind when we think of those cases where insiders who held security clearances and were in positions of trust feathering their own nests through fraud.
NITAM recommended training
As part of the NITAM the Center for Development of Security Excellence (CDSE) recommended two training courses which FSO’s, their colleagues and those who fall within the remit of the FSO for counterintelligence and national security guidance may wish to avail themselves – at their own pace, at their own locale as they are on-demand eLearning courses.
- The basics – Insider Threat Awareness, is 60 minutes following the theme of “If you see something, say something” which sets the table for recognizing suspicious behavior and identifying the reporting requirements. (Izaak Kemp was discovered because a police officer saw something and said something)
- The program – Maximizing Organizational Trust – 60 minutes of ideas on how to successfully build out the insider threat risk and awareness programs. Highlighting the need to be “fair, honest and transparent.”
CDSE’s offerings aren’t limited to those two cases, indeed there is a plethora of training content, including on-demand eLearning courses offered up by CDSE within their “Insider threat toolkit” which truly is one-stop shopping for the FSO responsible for creating an inside threat program, which includes an ongoing continuous training and awareness regime.
While NITAM may end soon, the lessons of NITAM need to be reflected 24/7/365.