Security from the Inside
Michael Tillison
Senior Vice President
ManTech International Corp.
The Threat - People
Company insiders (employees, contractors, vendors, etc.) constitute the greatest risk:
Risky Internet Behavior
Unsolicited email attachments
Divulge proprietary information
Introduce wireless risks to corp. networks
Neglect security in their daily activities
Intentional and unintentional activities that put sensitive company information at risk.
85% of companies and Govt. Agencies have experienced breaches ($59 Billion per yr.) (NSI)
75% of security breaches are insiders (NCIX)
59% of employees leaving a company admit to taking proprietary information with them (FBI)
Industry SCRs up 600% since 2009 (DSS)
800 insider threat cases: majority of subjects took the information within the last 30 days of employment (CERT; Carnegie Mellon)
Security attacks increasing with the economic downturn:
Data breaches increased 50% in past 2 yrs (ITRC)
2013 – Insider incidents have overtaken computer viruses as the most frequently reported type of security incident.
Employee understands the value of company’s information assets and the consequences if compromised.
Security perceived as synonymous with market capitalization, full employment, revenue growth, increased profits and market expansion –
Employees accept responsibility as owners of the enterprise
Education/Training raises employee awareness and provides critical knowledge and skills to counter the growing threat.
Hacker and virus damage short-term and long-term costs to companies - $1.6 Trillion
Liability exposure with e-commerce, partnering and other third-party relationships.
Reduced liability insurance premiums
Strong security culture may defend against disgruntled employee sabotage/Workplace Violence, etc…
Executive Order 13587 – Structural Reforms to improve Security of Classified Networks
Executive Order 13556 – Controlled Unclassified Information
DFARS – Unclassified IT Security
Insider Threat Task Force – DNI
Insider Threat Policy/Standards
NISPOM conforming change requiring Insider Threat Program
High Risk Employee List
Foreign Influence Indicators
The individual who can preserve a calm outward demeanor while their private life descends into a pit!
They never present themselves for help knowing that their careers would be over.
Self-interest and talent – smart enough to prevent incriminating matters from becoming public. (Usual security checks are not effective)
Better profiling and detection tools
Promote conditions that reduce the motivation to engage in insider activity before there is anything to detect.
Build mechanisms that create safe exits for troubled insiders before they engage in malicious activity.
Termination procedures that protect the company.