Training Discrepancies and Vulnerabilities to Nation State Hacks

Spies might seem like they belong more to TV dramas and films than the real world, but the reality is that many types of organizations can end up finding themselves on the receiving end of nation-state sponsored insider threats.

Insider theft is one of the most significant ways that other countries can gain access to valuable trade secrets and intellectual property. Indeed, just a few weeks ago it was announced that a former General Electric (GE) engineer and Chinese businessman were charged with economic espionage and conspiracy to steal GE's trade secrets related to turbine technologies, with the intention of using the information to benefit the People's Republic of China. This is just one of many cases of nation-state sponsored insider threats.

State-sponsored insiders can be trusted third-party contractors or regular employees, but, for either malicious or non-malicious reasons, they decide to collude with an outside nation to exfiltrate data. Their motivations to spy on behalf of a foreign government can vary too – sometimes people are motivated by the simple belief that exfiltrating data is an easy or quick way to make more money, while another employee or contractor could have a fundamental disagreement with the purpose of the organization for which he or she is working. Of course, much like financial distress, stress in someone’s personal life (such as a death or divorce) could be a powerful factor in deciding to take a risk like colluding with a nation state to steal data.

This sort of hack can be difficult to detect and investigate when companies are not actively tracking potentially risky user activity and their data movement. Complicating matters too is how the workforce is changing rapidly, as remote work becomes commonplace and more companies rely on freelancers and contractors to support daily activities.

This diverse workforce is making it harder to create effective training programmes. As IT leaders look to secure those least known to them, they sometimes neglect that full-time, pay-rolled employees present an equal risk. A new global survey of 600 IT leaders into how trust shapes cybersecurity revealed that, in the UK, contractors/freelancers received more training (eight times a year) than staff (six times a year). When you look globally by sector, a worrying revelation is that, in the Public Sector, more than a third of public sector workers are only trained once a year or never are, in general.

Ultimately, with insider spies on the rise, it is more important than ever to quickly detect them and take an even-handed approach to securing the activities of all types of employees. All trusted insiders must all be subject to the same user and data activity monitoring and trust verification measures uniformly.

Unfortunately, legacy security tools such as data loss prevention (DLPs) are often unable to prevent data exfiltration due to arduous classification requirements that are difficult to maintain. Equally, they are unable to suss out the context of an insider threat because they are solely focused on data, not on user behavior. Ultimately, it’s the person behind the nation state that poses the most direct threat to an organization’s trade secrets, so detecting and analyzing anomalous user behavior is the best way to thwart the agent on the inside. The good news is that with a holistic and proactive approach to insider threat management – people, processes and technology – you can know the whole story of what is happening within your organization and keep it safe before a breach happens!

What’s Hot on Infosecurity Magazine?