Insider threat grows more ominous

When former National Security Agency contractor Edward Snowden leaked a cache of classified secrets detailing how foreign signals intelligence is gathered, it changed the way government and industry perceive insider threats.

Media reports suggest Snowden accessed a trove of documents containing as many as 40,000 files through his system administrator position. He was a privileged user who, over the course of several months, was able to download documents on flash drives from a secure NSA facility in Hawaii without getting caught.

The case precipitated a very public conversation about intelligence gathering, but behind closed doors feds are reassessing how they handle insider threats, according to a study commissioned by Vormetric, a data security company based in San Jose, Calif.

Released Sept. 23, the study surveyed more than 700 IT professionals and business managers in civilian, defense and intelligence agencies and across large public sector organizations. It suggests that insider threats are more dangerous than ever given new technologies such as cloud computing and virtualization.

Of those surveyed, 63 percent feel vulnerable to the abuse of privileged user access by employees, 46 percent feel vulnerable to insider threats and 45 percent have changed their perspectives since the Snowden incident.

"From the federal movement in IT, it's clear that most organizations are trending toward consolidation. That means in many cases going toward the cloud, creating better centralization, going with virtual desktops and looking to big data," said Wayne Lewandowski, vice president of Vormetric's Federal division.

"In each of those cases, it doesn't take too long for someone to understand that consolidating desktops and sensitive information leads to a higher density for a target, of infinitely higher value to an adversary," Lewandowski said. "That makes a threat vector like a privileged user a big problem."

Federal agencies collecting more data than ever which is consolidated through White House directives such as the Federal Data Center Consolidation Initiative. Cloud computing is increasingly streamlining access to those piles of data – even within the intelligence community –  and it all adds up to increased risks posed by insider threats.

Compared to two years ago, the study suggests, organizations feel "significantly more threatened" now, with 54 percent of those surveyed suggesting insider threats are more difficult to protect against than in 2011.

Vormetric CEO Alan Kessler said organizations have become more wary about the contractors they work with and the damage they could do.

"Forty-eight percent said third-party contractors pose threats for the entire organization, and 58 percent felt vulnerable to what they could do," Kessler said. "The perception has changed."

Several weeks after the first Snowden revelations surfaced, NSA Director Gen. Keith Alexander announced agency plans to eliminate about 90 percent of its 1,000 system administrators in favor of automated technology.

Lewandowski said short of replacing system administrators with in-house machines, many large organizations are looking to employ security architecture that strips away what system administrators can see, creating a firewall-like approach to an insider's internal network. In such an approach, data accessed by a user is encrypted, and policy governed by an organization's security team dictates what applications and users can decrypt it.

Lewandowski said insider threats will pose increasingly high risks to organizations in the public and private sectors, especially those individuals with "full and unfettered access" to an organization's inner-most networks. It's the post-Snowden world, and everybody in IT security is dealing with the fallout.