Predicting Insider Threats
In the movie Minority Report, police have created a system which predicts crime before it happens in a nightmarish Orwellian scenario. But what if companies could predict who would attack their most valuable assets? What kinds of ethical considerations would arise?
While insider threats are less in number, when they do happen the damage is generally far greater than an outside attack. According to the 2011 CyberSecurity Watch Survey conducted by CSO Magazine and Deloitte, annual monetary losses from breaches average approximately $123,000 per organization.
This past year WikiLeaks has brought new meaning to the concept of insider threat by providing a convenient vehicle to empower staff at government agencies and public/private corporations to quickly and instantly hand over their privileged information to the world.
Researchers at Pacific Northwest National Laboratory believe that combining traditionally monitored cyber security data with other kinds of organizational data is one option or inferring the motivations of individuals, which may in turn allow early prediction and mitigation of insider threats. While unproven outside the lab, researchers believe that this combination of data may yield better results than either cyber security or organizational data would in isolation. However, this nontraditional approach yields inevitable conflicts between security interests of the organization and privacy interests of individuals.
Should warning signs of a potential malicious insider be addressed before a malicious event has occurred to prevent harm to the organization and discouragethe insider from violating the organization’s rules? Predictive approaches cannot be validated a priori; false accusations may harm the career of the accused; and collection/monitoring of certain types of data may adversely affect employee morale.
While predicting insider threats makes for an interesting movie plot, the best bet for organizations in this day and age is to implement privileged identity management solutions to create boundaries that enable end users and applications to communicate freely within an IT environment without worry of intentional, accidental or indirect misuse of privilege.