Insider threats are security breaches that originate from an individual affiliated with the target organization. Many insider threats involve frustrated employees, individuals seeking financial gain from the data they leak, and workers who accidentally expose company data in untrustworthy environments. In the United States, the Department of Defense (DoD) faces frequent attacks from often unknown assailants. Since insider threats are prevalent in the organizations that handle Americans’ valuable records, data analysts should search for unknown IP addresses, non-password-protected databases, and unauthorized access to company databases from internal IP addresses.
Financial gain motivates a large percentage of insider threat perpetrators. According to the U.S. Department of Justice (2016), Alexander Fishenko, an unregistered Russian Government Agent, smuggled restricted microelectronics to Russia for profit. Fishenko conspired with other culprits, who are either fugitives or incarcerated, to export electronic gadgets worth millions of dollars to Russia without the prerequisite permissions (U.S. Department of Justice, 2016). Consequently, businesses and government agencies should be vigilant about staff with unexplained and surplus riches.
Behaviors that show sudden wealth gain, financial strain, and dissatisfaction with work policies are some of the early warning signs of data breaches. For instance, individuals who carry massive debt burdens and have access to high-value data may sell the information to offset their economic crisis. Similarly, an unexplained monetary gain is another warning sign of potential insider threats. For example, an employee who suddenly purchases a home that is costlier than their family income range should be a subject of data breach investigation. In the same vein, risks such as unauthorized entry into restricted databases from unknown IP addresses may indicate that an employee of the company has shared critical logins with strangers (Zhang, 2020). Overall, a suspicious exchange of money or illegal access to classified data from an employee’s IP address warrants an internal investigation.
Considering that American organizations such as the DoD compile critical security information, data analysts should consistently look for breaches involving unauthorized database accesses and high-value information stored without passwords. The organizations should also impose tough penal codes to deter potential insider threats from leaking confidential data. For instance, the US jailed Fishenko for 10 years and fined him over $500,000 to discourage other people from selling restricted technology without essential licenses (U.S. Department of Justice, 2016). Dismissing discontented staff, investigating the source of suspicious wealth, and denying public access to breached data are other techniques companies use to control the adverse effects of intrusions.
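The checks named in the two preceding paragraphs (access from unknown IP addresses, databases reachable without a password, and unauthorized database access from internal addresses) can be run over a database access log, as in this added example, which is not part of the original essay. The log format, network range, user names, and database names are all constructed assumptions.

```python
import csv
import io
import ipaddress

# Constructed policy (assumptions for illustration, not from the essay).
INTERNAL_NETS = [ipaddress.ip_network("10.20.0.0/16")]
AUTHORIZED = {  # user -> databases that user is allowed to query
    "asmith": {"hr_records"},
    "bjones": {"hr_records", "export_licenses"},
}

# Constructed sample log: time, source IP, user, database, auth method.
SAMPLE_LOG = """\
2024-03-01T09:12:00Z,10.20.4.17,asmith,hr_records,password
2024-03-01T09:40:00Z,10.20.4.17,asmith,export_licenses,password
2024-03-01T23:05:00Z,203.0.113.50,bjones,export_licenses,password
2024-03-02T02:11:00Z,10.20.9.3,svc_backup,archive_2019,none
"""

def is_internal(ip):
    """True only for a well-formed address inside a known internal network."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False  # unparseable source is treated as unknown
    return any(addr in net for net in INTERNAL_NETS)

def classify(row):
    """Return the list of indicators raised by one access record."""
    _ts, ip, user, db, auth = row
    internal = is_internal(ip)
    flags = []
    if not internal:
        flags.append("UNKNOWN_IP")
    if auth == "none":
        flags.append("NO_PASSWORD")
    if db not in AUTHORIZED.get(user, set()):
        flags.append("UNAUTHORIZED_INTERNAL" if internal else "UNAUTHORIZED")
    return flags

def review(log_text):
    """Map each flagged record (time, user, database) to its indicators."""
    findings = {}
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 5:
            continue  # skip malformed lines rather than guessing fields
        flags = classify(row)
        if flags:
            findings[(row[0], row[2], row[3])] = flags
    return findings
```

Calling `review(SAMPLE_LOG)` leaves the first record unflagged and returns indicators for the other three, each of which would be a starting point for the internal investigation the essay describes.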
References
U.S. Department of Justice. (2016). Russian agent sentenced to 10 years for acting as unregistered Russian government agent and leading scheme to illegally export controlled technology to Russian military. Web.
Zhang, E. (2020). The early indicators of an insider threat. Digital Guardian. Web.