On the Insider Threat, PCI and Risk Management
Much is misunderstood today about the evolving insider threat, says Dr. Eric Cole. In particular, senior leaders need to realize that their greatest risks aren't from rogue employees looking to cause damage, but rather from inadvertent breaches caused by staffers who simply stumble into costly mistakes.
"You can't stop stupid," Cole says. "But you can control and limit stupid."
In an exclusive interview, Cole discusses:
Cole is an industry-recognized security expert with over 20 years of hands-on experience. He currently performs leading-edge security consulting and works in research and development to advance the state of the art in information systems security. Cole is the author of several books, including Hackers Beware, Hiding in Plain Sight, Network Security Bible, and Insider Threat. He is the inventor of over 20 patents and is a researcher, writer and speaker. He is also a member of the Commission on Cyber Security for the 44th President and several executive advisory boards. Dr. Cole is also the CTO of the Americas for McAfee. Cole is actively involved with the SANS Technology Institute (STI) and SANS, working with students, teaching, and maintaining and developing courseware. He is a SANS faculty fellow and course author.
TOM FIELD: What is the latest on the insider threat? Hi, this is Tom Field, Editorial Director with Information Security Media Group. We are talking today about the insider threat with Dr. Eric Cole, the CTO of the Americas for McAfee and also with SANS. Eric thanks so much for joining me today.
DR. ERIC COLE: My pleasure to be here.
FIELD: Now, I have mentioned only a couple of your roles. Maybe you can go on and give a bit of background on what you are working on today with McAfee, SANS and elsewhere.
COLE: I have actually been involved in cybersecurity for over 20 years and have written a book on insider threat. So one of the things that I do a lot with both McAfee and in my teaching ability with SANS is try to understand what customers' problems are and give them actual solutions that work. One of the things we find is that organizations are spending a lot of money on cybersecurity, and they are still getting broken into -- not because they are not trying, but because they are fixing the wrong problems.
So what I like to always do is trace everything back to risk, help organizations better understand what their biggest exposures are, and give them solutions that are not just good things to do, but the right things to do. One of those biggest areas today is protecting, controlling and managing the insiders.
FIELD: Well, let's talk about the insider threat. Particularly since the economic meltdown of a couple of years ago, we find that awareness of the insider threat is up, but so are the incidents. Why is that?
COLE: One of the biggest problems is even though organizations are more aware that problems are being caused by the insider, they are still not addressing them with their budget. If you look at the latest numbers, about 50 percent of the loss to an organization from attacks is from the inside, and about 50 percent is from external attacks.
However, if you look at their budget, they are still spending 80 percent of their budget on the external threat and only about 15 to 20 percent on the insider threat, so there is still not that proper balance because organizations think that if they put up preventive measures and firewalls that is going to deal with the insider, when in reality the insider is using simple tools, like web browsers, email clients and others, to be able to go in and cause harm to the organization.
So organizations are starting to recognize that it's a problem, but their budget, their solutions and where they are putting their energy are not going to stop it because they are trying to focus in on making people aware of the problem. In reality, they need to put measures in to control, protect and limit what the insiders really do within their organizations.
FIELD: So we've talked about the awareness. What do you find to be most misunderstood about the insider threat?
COLE: Probably the biggest area is most people, when they hear the word insider threat, they think of what I call the deliberate insider -- the people that are in an organization that are deliberately working for the enemy, working for a competitor trying to cause harm to that company.