Cyber security – insider threat

Published Oct. 23, 2012
By Tech. Sgt. Christopher Chaikittirattana
60th Communications Squadron

TRAVIS AIR FORCE BASE, Calif. -- Imagine you're home and installing an alarm system, bulletproof windows and an impenetrable door. No thief would dare break in, right? Now imagine that you leave for work before your child or spouse. Imagine that when they leave, they leave the front door wide open and do not set the alarm. What happened? You took many security precautions protecting your home, but you were done in by an insider threat.

This is exactly what happens with network security. We have intrusion detection systems, passwords and firewalls. But this is all for nothing if we do not control the insider threat. The insider threat is the biggest vulnerability for network security.

There are three types of insider threats: malicious, careless and tricked.

Malicious insiders can be disgruntled employees, thieves, spies or sympathizers. Their motivation can range from revenge to financial or political gain. A malicious insider may sabotage systems in order to disrupt our mission. This denial of service may involve changing data, deleting data or denying access to a system or the entire network. The malicious insider can steal sensitive or confidential information for personal gain or to pass to foreign governments or organizations. This was the case for Army Private Bradley Manning, who stole numerous classified documents and passed them to the WikiLeaks website.

Careless insiders unintentionally compromise network security due to an accident, mistake or negligence. Examples of careless behavior include sharing passwords with other users, writing passwords down or leaving a common access card in a computer while logged in and walking away. Careless mistakes are typically preventable. Never share your password or personal identification number with anyone else, even communications personnel.
Never write your passwords down, especially on sticky notes, or leave them where others can find them, such as under a keyboard or mouse pad. Never leave your CAC in a computer if you are walking more than a few feet away from it. A very simple phrase to remember is "lock before you walk." By pulling your CAC from your computer when you walk away, you will automatically lock it. These are just a few examples of careless insiders.

The final type of insider threat is the tricked insider. This type of insider is tricked into providing sensitive or private data by a person who deliberately lies about their identity through social engineering. Phishing is the most well-known type of social engineering. Phishing usually involves receiving an email from someone pretending to be a trustworthy person, such as a network technician. These emails attempt to trick a user into divulging their username, password or other sensitive information. Phishing emails also try to direct users to fake websites that look almost identical to legitimate websites. Once users are on the fake website, it also tries to gather sensitive information from them.

Here are a few tips to avoid being the victim of a phishing email.

First, always check to see if an email is digitally signed; a digitally signed email will have a gold and red ribbon on the email icon.

Never give your password or PIN to anyone. A network technician should never need your password or PIN. If it is necessary to work on your computer, then you should enter your password or PIN yourself.

Beware of hyperlinks. Hyperlinks are addresses that take you to a website when you click on them. If you need to visit a website named in a questionable email, such as your bank's, it is a better practice to type in the web address rather than clicking on the hyperlink.

Lastly, if you are in doubt about a suspicious email, ask for help. There are many places to turn to for assistance.
Each unit has at least one appointed Information Assurance Officer who can help you. Your IAO is your primary point of contact for network-related issues. If you cannot contact your IAO, you can also always turn to the 60th CS for assistance.

Working on a military installation, we sometimes get a sense of security that everyone is doing the right thing and that no one would attack from the inside. Remember to always remain vigilant. If you witness suspicious activity, report it. You can put in all the security features to protect your home that you want, but they are useless if an insider leaves the front door wide open.