Detecting an Insider Threat

By Milica D. Djekic

The insider threat has been a challenge to the business, economy and community for a long period of time. There has been written a lot of studies about such a security concern and the fact could be it’s still needed to observe that problem from more systematic perspective. Detecting the insider threat is a key pillar in combating against such a drawback. In any case, there is no a silver bullet in tackling any issue and it’s all about investing the time and effort. The same situation is with the insider threat! The experience shows that any insider threat case deals with much deeper connotation regarding its background and received support. In other words, the majority of insider threats are connected with the security risks coming from outside. Security professionals cope with that sort of task day by day and their practical experience can go beyond their education for a reason the real skill is gained through the hard work and practice. It takes a lot of time to master anything and nothing comes over night as the case is with the security doctrine.

In a cyber security manner, the insider threat is anyone within an organization who is willing to share some IT infrastructure privileges either intendingly or unintendingly.

It would appear that the security in any community is becoming the demand and there is the strong need for the coordinated effort between cyber and physical security. The impacts of the insider threat activities could be so serious and sometimes it’s the matter of maintaining the organization on the surface. The insider threats are so straightforward reason why so many organizational landscapes have collapsed and the point is once some business is threatened from inside there is less chance it would survive such an attack. Practically, the insider threats could cost the community lives, safety and finances, so it’s needed to think smart how such a threat could be mitigated.

The cyberspace is the spot in a digital surrounding that should put under surveillance in order to identify any kind of anomalies or malicious behavior. So, that’s how the detection of the insider threat can begin.

The fact is such a kind of concern can use the organization’s IT resources in order to maintain the communications with someone being outside, while that person is within that community. Sometimes the insider risk could have the transnational connotation as some organized crime and terrorist groups could try to deal as intruders to some system. Basically, those bad guys could attempt to get infiltrated into the system and from such a point of view – ruin it from inside. The most powerful word of today is sustainability and there is no community which would cope with such a challenge sooner or later. So, the good question is how to keep something that is already in someone’s ownership and feed the entire nation – especially in the time of crisis. The stress from outside can be embarrassing, but nothing can destroy the system as something being the part of so. Apparently, the insider threats are the combination of the both – internal and external pressure.

The insider thereat activities could hurt many and as they are not the lone wolves attempting something on their own – it’s obvious that the response of the authorities should be effective and powerful. On the other hand, it’s so hard to beat any enemy without understanding what he does, so it takes a lot of careful intelligence work to investigate that action. It would seem that from such a perspective we can better cope with the challenges of detecting the insider risk and put such a question through the legal procedure that could offer much efficient laws and best practices to all. The point is the security community cannot stop learning and from nowadays perspective we need the great thinkers being capable to correlate the facts with each other. The problem with the broad security pool is that it would cope with the strict rules and if anything is not defined through the training or instruction – no one would make a question if there would be the different approaches providing much effective responses to everyone. Only if the security community gets overcrowded with so many issues it would start to think outside of the box as it will figure out the ongoing best practice would lead them nowhere.

So, here we come to the quite obvious remark – the current best practice does not work!

The fact is such a scenario would lead to many open questions and one of them would be if there is the need for reforms in any sector on. The reforms are so deep and impactful changes mainly being applied to the system and society at once. In our opinion, the most of the world would not cope with the effective responses to the insider risks, so it’s needed to put more research and investigative effort in order to give answers to all of the concerns. It would look like that the modern security would need the exceptional problem solvers and in such a fashion – it’s needed to make some updates to the everyday routine from time to time. In other words, we would just return at the beginning noticing that the best response to the insider threats is their detection. So obviously – that’s possible if the cyberspace is under the monitoring, but that’s only the initial claim that should be proved through a plenty of studies and researches.

Finally, it’s quite clear that the insider risk detection is the huge challenge that once tackled appropriately can bring a lot of long-term solutions and outcomes. If our communities are not maintainable, they would simply collapse either being stressed from outside or ruined from inside. In other words, the insider risk topic is the serious stuff and no one should cope with so easily or carelessly for a reason that could be so dangerous trap to many members of society, economy and security landscapes. Never say never, but as this new millennium has brought us the top security challenges as the 9/11 terrorist attacks are and such occurrences have launched the intelligence on the top – it’s quite clear that this new chapter of the history would seek from us to be more details-oriented and take some serious steps in better understating of situation or at least deeper awareness about what is going on.

About the Author

milica djekic authorMilica D. Djekic is an Independent Researcher from Subotica, Republic of Serbia (Europe). She received her engineering background from the Faculty of Mechanical Engineering, University of Belgrade. She writes for some domestic and overseas presses and she is also the author of the book “The Internet of Things: Concept, Applications and Security” being published in 2017 with the Lambert Academic Publishing. Milica is also a speaker with the BrightTALK expert’s channel and Cyber Security Summit Europe being held in 2016 as well as CyberCentral Summit 2019 being one of the most exclusive cyber defense events in Europe. She is the member of an ASIS International since 2017 and contributor to the Cyber Defense Magazine since 2014 and the Australian Cyber Security Magazine since 2018. Milica’s research efforts are recognized with Computer Emergency Response Team for the European Union (CERT-EU), Censys Press and EASA European Centre for Cybersecurity in Aviation (ECCSA). Her fields of interests are cyber defense, technology and business. Milica is a person with disability.

Similar Articles

Advertisment
Advertisment
Advertisment