When Jack Teixeira was arrested by a team of heavily armed FBI agents at his parents’ home in Massachusetts in April 2023, the incident made national headlines.
The former Air National Guardsman, who served as an IT specialist, was accused and eventually indicted on six counts of retaining and transmitting classified national defense information. The theft was brazen and easily executed. Teixeira held the proverbial keys to the safe, and he used them, as The New York Times reported, to post “files that bore some of the most highly restricted classification markings, including ‘sensitive compartmented information’ that could be stored and reviewed only in protected facilities.”
The information was posted on Discord for bragging rights, underscoring how little motive it can take to set off a data disaster.
Teixeira is a classic, if extreme, example of an insider threat. The Cybersecurity & Infrastructure Security Agency helpfully defines an insider as “any person who has or had authorized access to or knowledge of an organization’s resources, including personnel, facilities, information, equipment, networks, and systems.”
These risks are increasing.
According to one analysis, 77 percent of government agencies and critical infrastructure entities have “seen a rise in insider-driven cyberthreats in the last three years.” A separate survey found that across government agencies and critical infrastructure entities, “an act of intentional destruction by an employee was committed at an average of at least every other week within the last year.”
Because a single insider can accidentally or intentionally cause enormous harm, insider threat mitigation is top of mind for agency and critical infrastructure leaders. Here are three steps they can take to reduce that risk within their purview.
Prepare to play defense
The vast majority of insiders who become threats are not malicious actors. They don’t mean to put people’s personal information or infrastructure integrity at risk. Most people are focused on their day-to-day responsibilities, and cybersecurity is a rarely considered afterthought.
This dynamic poses a significant cybersecurity risk.
Verizon’s 2023 Data Breach Investigations Report notes that 74 percent of breaches involve the human element, including people falling for social engineering attacks, committing errors, or misusing information.
That’s why leaders must prepare everyone to play defense.
For instance, it is broadly recognized that strong, unique passwords are crucial for securing online accounts. Even so, “123456” and “password” remain among the most frequently used passwords, and 83 percent of the most common passwords worldwide can be cracked in under a second.
Similarly, many people put off software updates for as long as they can, and neglected systems and accounts carry the same kind of risk. The 2021 Colonial Pipeline ransomware attack began with a legacy VPN account that was no longer in use but had never been disabled and was not protected by multifactor authentication. Keeping software patched and retiring unused accounts and systems closes the gaps attackers look for first.
Many people also need to exercise more discretion about what they post online and about separating personal and professional technology use. These easy-to-overlook behaviors can turn any insider into a threat.
Fortunately, agencies can prepare everyone to play defense.
Host regular trainings that help insiders recognize the latest cybersecurity threats and give clear instructions for handling confidential information. At the same time, dedicate resources to digital tools that bolster security, including multifactor authentication, password managers, and people analytics platforms that identify risks before they become incidents.
Stopping malicious insiders
With millions of employees, contractors, and authorized third parties spread across the globe, some government agency and critical infrastructure insiders will inevitably set out to undermine cybersecurity or data privacy on purpose.
These malicious insiders, who deliberately exploit their access to harm the organization’s assets, can be incredibly difficult to stop. Their trusted status, access credentials, and technical know-how make them one of the most difficult cybersecurity threats to detect and prevent.
Effective solutions start with an organizational culture that embraces openness and empowers employees to raise concerns about questionable activities. Whistleblower protections, transparency in organizational decision-making, and ensuring that employees feel valued also deter potential insider threats.
Technology also plays a role. Behavioral analytics can surface potential threats before they act and reduce risk in real time.
Insider threat prevention systems excel at recognizing atypical behavior, such as a user who suddenly pulls far more data than their usual daily volume, works at unusual hours, or reaches into file shares they have never needed before; they automate risk analysis and limit how data and files can be accessed and manipulated. When coupled with an endpoint data loss prevention solution that can block copying sensitive files to removable media, personal cloud storage, or chat applications, agencies and critical infrastructure entities can often stop malicious insiders from exfiltrating sensitive information.
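The baseline-and-deviation logic such a system runs is simple enough to show. The following is an added example written for this article in Python; it is not Teramind’s or any other product’s code. It assumes a constructed file-access audit log with one event per line (timestamp, user, action, path, bytes), and it flags a user-day when the byte volume exceeds ten times that user’s median daily volume, when the user touches a share they have never touched before, or when events fall outside 07:00–19:00. The thresholds and the log layout are assumptions chosen for illustration.

```python
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed sample file-access audit log (not real data). Each line is:
# ISO-8601 timestamp, user, action, path, bytes. The field layout is an
# assumption for this example; real collectors use their own schemas.
SAMPLE_LOG = """\
2023-04-03T09:12:01 alice read /share/finance/q1.xlsx 20480
2023-04-03T14:40:22 alice read /share/finance/budget.docx 20480
2023-04-04T10:02:10 alice read /share/finance/q1.xlsx 20480
2023-04-04T16:15:43 alice write /share/finance/notes.txt 10240
2023-04-05T09:30:00 alice read /share/finance/forecast.xlsx 40960
2023-04-06T23:15:07 alice read /share/finance/all_accounts.csv 3000000
2023-04-06T23:18:51 alice copy /share/hr/payroll_export.csv 2000000
2023-04-03T11:00:00 bob read /share/eng/design.pdf 102400
2023-04-04T11:05:00 bob read /share/eng/design.pdf 102400
2023-04-05T11:10:00 bob read /share/eng/spec.docx 51200
2023-04-06T11:12:00 bob write /share/eng/spec.docx 51200
"""


def parse_log(text):
    """Parse the whitespace-separated log format above into event dicts."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, action, path, size = line.split()
        events.append({
            "ts": datetime.fromisoformat(ts),
            "user": user,
            "action": action,
            "path": path,
            "bytes": int(size),
        })
    return events


def top_dir(path):
    """'/share/hr/payroll_export.csv' -> '/share/hr' (the share a file lives in)."""
    return "/".join(path.split("/")[:3])


def analyze(events, volume_factor=10, business_hours=(7, 19), min_history_days=3):
    """Per-user baseline-and-deviation checks.

    Returns {(user, 'YYYY-MM-DD'): [reason, ...]}. A user-day is flagged when:
      - its byte volume exceeds volume_factor * the median of that user's
        previous days (only once min_history_days of baseline exist),
      - the user touches a share they have never touched before (same
        baseline requirement, so the first days are not all 'new'),
      - any event falls outside business_hours (start inclusive, end exclusive).
    """
    by_user = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        by_user[e["user"]].append(e)

    findings = defaultdict(list)
    for user, evs in by_user.items():
        per_day = defaultdict(list)
        for e in evs:
            per_day[e["ts"].date()].append(e)

        past_volumes = []   # daily byte totals seen so far for this user
        seen_dirs = set()   # shares this user has touched so far
        for day in sorted(per_day):
            todays = per_day[day]
            key = (user, day.isoformat())
            volume = sum(e["bytes"] for e in todays)
            dirs = {top_dir(e["path"]) for e in todays}

            if len(past_volumes) >= min_history_days:
                baseline = median(past_volumes)
                if baseline > 0 and volume > volume_factor * baseline:
                    findings[key].append(f"bulk_volume:{volume}B vs median {baseline:.0f}B")
                for d in sorted(dirs - seen_dirs):
                    findings[key].append(f"new_location:{d}")

            off_hours = [e for e in todays
                         if not business_hours[0] <= e["ts"].hour < business_hours[1]]
            if off_hours:
                findings[key].append(f"off_hours:{len(off_hours)} events")

            past_volumes.append(volume)
            seen_dirs |= dirs
    return dict(findings)


def analyze_sample():
    """Run the checks over the constructed log; only alice on 2023-04-06 is flagged."""
    return analyze(parse_log(SAMPLE_LOG))


if __name__ == "__main__":
    for (user, day), reasons in sorted(analyze_sample().items()):
        print(user, day, "; ".join(reasons))
```

On the sample log, alice’s 2023-04-06 activity trips all three checks (about 5 MB against a 40 KB median, a first-ever visit to /share/hr, and two events after 23:00), while bob’s steady daytime work in /share/eng produces nothing. The median baseline is deliberate: a mean would be dragged upward by a single earlier spike, letting a patient insider raise their own threshold. A production system would add the response side the paragraph describes, such as holding the copy to removable media or a chat client until the alert is reviewed.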
Plan for future threats
Today’s secure agencies are tomorrow’s compromised organizations, because threat actors and risk patterns continually change.
In response, agencies and critical infrastructure entities must remain agile, continually identifying emerging threats and assessing their defensive posture. In particular, this means accounting for AI-assisted attacks that produce more convincing phishing lures, malware, and other attacks aimed at employees.
It’s critically important to be proactive. IBM’s 2023 Cost of a Data Breach Report found that 51 percent of organizations plan to increase their security investments as a result of a breach. Rather than waiting for disaster to strike, invest and prepare strategically, knowing that, when it comes to cybersecurity, an ounce of prevention is worth a pound of cure.
Teixeira isn’t the first government employee to cause an enormous data breach, and he won’t be the last.
The increasing sophistication and frequency of such threats necessitate a multi-faceted approach to cybersecurity. This approach includes educating all insiders on best practices and vigilance, implementing robust technology solutions like behavioral analytics and endpoint data loss prevention, and continuously adapting to emerging threats.
The consequences of failure are becoming more apparent and profound, making now the right time to begin implementing insider threat prevention solutions that work.
Isaac Kohen is Chief Product Officer & Founder of Teramind, a global provider of insider threat management, data loss prevention and productivity optimization solutions powered by user behavior analytics.