Our summer edition of GovConExec magazine will be arriving in offices and mailboxes in just a few weeks. For our sixth edition, we wanted to confront an emerging government contracting challenge — and marketing opportunity — head-on, the insider threat.
When Bradley Manning’s alleged WikiLeaks dump hit the front page, we knew the insider threat was much more than careless employees leaving laptops unattended at Starbucks. And we knew the solutions are more complex than having security guards escort terminated employees from the building.
Companies and government agencies have dedicated resources to protecting data from the outside, but security risks from within remain largely ignored. In a pre-information age when mass quantities of data were kept on paper and had to be photocopied, faxed or photographed to be stolen, lax internal security worked. Today, that same data is stored electronically, accessed instantly and transmitted or copied without lifting so much as a file folder. Remember, Manning allegedly compromised U.S. security with a thumb drive.
Internal security has historically been simply a matter of password protecting work stations and encouraging employees to keep an eye on material they took out of the office. Clearly that is no longer adequate. With each publicized data breach and WikiLeak revelation, it became apparent securing data from the inside was as important as securing it from the outside.
So who is the insider threat?
We looked at the psychology of the insider threat. If it were more than just carelessness, what would drive a person to betray their company and even their country? In many cases, we discovered a whistle-blower mentality, a feeling of righteous indignation. In others, we found the standard disgruntled employee.
Of great concern is corporate espionage. Individuals seeking employment with the sole purpose of stealing information remains the ultimate insider threat.
As the government found, compromised data leads to more than a loss of revenue. Costs are measured not just in dollars, but also in loss of reputation, damaged relationships and national security risks. Protecting against the insider threat must be done with the same emphasis placed on other cybersecurity precautions.
The market is wide open. Government contractors are using analytical approaches to detect unusual computer behavior, but that only addresses part of the problem. What human-resource processes can be used to screen job candidates? What policies can be implemented to lower the risks of careless breaches and unhappy personnel? Real-time monitoring of online activity? The angles and opportunities for the government-contracting market are endless. Stay on top of the latest sector news. Subscribe to GovConExec at www.GovConExec.com/subscription