At the National Security Institute’s Impact 2022 Seminar, National Counterintelligence & Security Center’s Acting Director, Michael Orlando, shared, “The risks to government and industry from insider threats are severe. These threats can take many forms, whether it’s a federal employee coopted by a foreign adversary to steal sensitive information or a corporate employee clicking on a spear-phishing link that infects their company’s networks.”
Managing Threats from Russia, China, and Others
Orlando opened with feedback on the Russian threat environment, identifying how intelligence has been rapidly declassified regarding the Ukraine situation and has often appeared in the media. But he emphasized the importance of not underestimating Russian intelligence capabilities based on Russian military strategy and implementation. Orlando confirmed that Russian intel is very sophisticated in their HUMINT and SIGINT operations. But cyber conflict is an immediate risk and concern. More importantly, Orlando reminded the audience that following technology sanctions on Russia, Russia’s illicit procurement will likely be on the rise, making insider threats increase.
Orlando argued that although people want to switch gears to Russia, they shouldn’t ignore the Chinese government as the real threat. He stated that the government of China challenges the U.S. militarily and economically and they’re using their whole government effort to acquire our technology – both legally and illegally.
Orlando also emphasized middle-tier threats from countries beyond Russia and China. While we may ally with some of these countries, the threats are still out there. And a loss to a middle-tier threat is still big. Orlando stated that this all creates a very complex threat picture for security to manage.
The Stress Factor
Orlando zeroed in on the growth of the insider threat program, noting the changes that have come about over the past 10 years, leading to a more proactive approach, rather than reactive. However, following the peak pandemic events in 2020, the cleared workforce has undergone a higher simulated stress. Orlando listed the following changes:
- Increase in suicidal thoughts
- Shift in societal identity
- Raised tensions between policy and workforce rights
- Growth of outside influence groups, which foreign intelligence entities are taking advantage of
- Increase in social media influence
- Increase in turnover rates, bringing in foreign intelligence posing as headhunters
With a higher turnover rate, Orlando said to watch for Russia and China to increase their recruiting efforts, pushing to pull intel to their organizations.
Combatting the Rise in Insider Threats
With the increases in stressors in the workforce, Orlando cautioned that insider threats are up by 40%, and more importantly, half of the threats are due to neglect. Training staff and maintaining expertise in this area continues to be a challenge for agencies. But Orlando shared the growing trend of watching for specific personalities in the workforce that can make agencies more vulnerable to insider threats. He shared that employees who exhibit traits like entitlement, low loyalty, moral disengagement, and sensitivity to slights tend to be more impacted by stressors like divorce, breakups, or financial issues. If these things remain unaddressed, he said that organizations often then see behaviors like rule breaking or unreported activity, which can lead to insider threat issues if not addressed properly. Orlando emphasized the importance of coming alongside employees to help manage their struggles BEFORE they become an insider threat. While continued research is needed, HR and security can collaborate on integrating vetting for personality types, as well as supporting stressed employees. Orlando stressed that the key to a well-developed insider threat program is prevention. He noted that we often do well at detecting threats and responding to them, but there’s a lot that can be done to prevent them. Creating a culture that works with employees to resolve stressors will be a setting that has fewer threats to respond to over time.
10 Practices for Preventing Insider Threats
Orlando closed with 10 practices for security professionals to prevent, detect, and respond to insider threats.
- Get back to the basics and be really brilliant on them.
- Embed security on the business side and align it with the overall workplace culture.
- Do more work with your front-line supervisors. They know when something isn’t right, and they need to be informed on all the resources and trained.
- Think beyond annual training. Don’t wait for annual options, but offer training pulse points for employees.
- Incorporate behavioral analysis into your insider threat programs if possible. Vetting is a key piece of the insider threat puzzle and even if HR or legal are reluctant, it’s important to find a way to work through privacy challenges to get to an agreed yes.
- Keep employees informed. Communication is important and employees need to understand what the actual threats are and what to do.
- Monitor on the unclass side if possible. You will see more behavior there that can better inform you.
- Create an insider threat review board and share instances with each other in the industry. With a trusted environment, sharing lessons learned from insider threats can stop future threats.
- Know what your crown jewels are. You can’t protect everything, but you do need to know what to focus on.
- Focus on the people. Technology is important, but it’s still a people problem.