18 December 2015

New Study: How to Detect and Mitigate Threats from Malicious Insiders

Photo: Ardi Hallismaa, Estonian Defense Forces

A new NATO Cooperative Cyber Defence Centre of Excellence study focuses on the threat insiders pose to information security.

While most security frameworks focus on threats from outsiders, several recent cases have demonstrated the harm trusted individuals can do. The cases of Edward Snowden and Chelsea Manning highlight that, in addition to perimeter defence, organisations must scrutinize the possibility of their systems being hampered by authorised users employing internal channels.

“Insider Threat Programmes address a gap that exists in today's approach to information security. They typically merge behavioural and technical indicators to understand the changing risks associated with the people,” explains IT security expert Jesse Wojtkowiak, a co-author of the study.

The interdisciplinary paper proposes various detection indicators, precursors that accompany different threats. The analysis outlines the key components of an Insider Threat Programme, provides a comprehensive overview of the insider threat and offers profile types, discussing the subject from technical, legal, and behavioural perspectives.

The Tallinn-based NATO Cooperative Cyber Defence Centre of Excellence is a NATO-accredited knowledge hub, think-tank and training facility. The international military organisation focuses on interdisciplinary applied research and development, as well as consultations, training and exercises in the field of cyber security. The Centre’s mission is to enhance capability, cooperation and information-sharing between NATO, Allies and partners in cyber defence. Membership of the Centre is open to all Allies. The Czech Republic, Estonia, France, Germany, Greece, Hungary, Italy, Latvia, Lithuania, the Netherlands, Poland, Slovakia, Spain, Turkey, the United Kingdom and the USA have signed on as sponsoring nations. Austria and Finland have joined the Centre as contributing participants. The Centre is funded and staffed by these member nations.

The Insider Threat Detection Study can be downloaded from https://ccdcoe.org/insider-threat.html