The IT Nerd

Every September, National Insider Threat Awareness Month takes place. Established in 2019 by the United States National Counterintelligence and Security Center (NCSC) and the National Insider Threat Task Force (NITTF), the campaign aims to educate government agencies, private sector organizations, and the public on the risks posed by insider threats and to promote the development and implementation of effective Insider Threat Programs. This year, NITAM spotlights “bystander engagement” as its theme, underscoring the vital role individuals play in identifying and responding to concerning behaviors.

I have some commentary from industry experts on National Insider Threat Awareness Month:

Carl D’Halluin, CTO, Datadobi: 

“Insider threats lurk within the very heart of organizations, disguised as trusted employees, partners, or collaborators. These individuals, armed with access privileges, possess the potential to wreak havoc that is often unseen until it’s too late. Their actions can shatter the security foundation of a company, leading to catastrophic data breaches, financial ruin through fraud, and irreparable damage to reputation.

First held in 2019, National Insider Threat Awareness Month (NITAM) is an annual campaign spanning the month of September that reminds us that mitigating insider threats demands a comprehensive strategy encompassing diverse countermeasures. This can entail the enforcement of stringent access controls, leveraging user behavior analytics, and the implementation of data loss prevention solutions, as well as vigilant user activity monitoring, and the fostering of anonymous whistleblower reporting mechanisms. However, to truly take insider threat mitigation to the next level, a solution that empowers organizations to assess, organize, and take action on their data is pivotal.

By proactively assessing data, it allows for the identification of anomalies and vulnerabilities before they escalate into significant risks. The continuous monitoring and analysis of data enable the rapid detection of unusual patterns or behaviors, facilitating timely intervention and mitigation. Moreover, the organized structuring of data enhances visibility, making it easier to pinpoint sensitive information and recognize unauthorized access or movement. When potential threats are identified, the solution enables organizations to take swift and precise actions, such as restricting access, initiating investigations, and/or moving data to another location, minimizing the potential damage. Beyond immediate responses, the solution’s adaptability ensures that countermeasures remain effective in the face of evolving insider tactics. This approach not only reduces the impact of insider threats but also contributes to operational continuity and regulatory compliance. Ultimately, the ability to harness data-driven insights enhances an organization’s proactive stance, equipping it to navigate the intricate landscape of insider threats with vigilance and resilience.”

Steve Santamaria, CEO, Folio Photonics:

“In a world where data fuels progress, the importance of National Insider Threat Awareness Month (NITAM) cannot be overstated. The campaign, which takes place each year in September, highlights the stark reality that employees, strategic partners, and other insiders with authorized access can inadvertently or intentionally inflict significant damage. This threat transcends industries, affecting both government entities and private businesses, as trust and access intersect in today’s interconnected digital landscape.

However, NITAM extends beyond simply shedding light on the issue—it drives us to seek effective mitigations, such as an active archive, which is an advanced technology designed to provide efficient and secure data storage while enabling quick access and retrieval of information. Unlike traditional archival systems that store data in a passive, offline state, an active archive maintains data in a more accessible and readily available form, making it easier to search, retrieve, and analyze. However, within the context of insider threats, an immutable active archive serves as a robust defense due to its unique qualities. By ensuring data immutability, it maintains the integrity of stored information and creates a traceable record of interactions. This traceability acts as a deterrent against malicious insider actions and aids forensic analysis during security breaches. Moreover, its alignment with regulatory compliance standards ensures adherence to legal requirements. Last but not least, real-time monitoring capabilities can further enhance its effectiveness by promptly identifying unauthorized activities. 

In closing, NITAM stands as an annual rallying cry—a time to renew our commitment to cybersecurity and acknowledge that, while trust is invaluable, preparedness is non-negotiable.”

Seth Blank, CTO, Valimail: 

“In today’s fast-evolving and intricate digital communication framework, DMARC (Domain-based Message Authentication, Reporting, and Conformance) acts as a pivotal element. It serves as a critical component that prevents external actors from exploiting a trusted name to deceive and mislead. Think of DMARC as the equivalent of a bouncer checking IDs at an exclusive nightclub. Its primary role is to ensure that only authorized individuals—essentially those on the guest list—can gain entry. DMARC’s primary function is to make certain that unauthorized entities are both easily detectable and unable to impersonate your employees or executives, which if left unaddressed can turn an external threat into an internal one.

However, the role of DMARC extends beyond mere prevention. With DMARC enforcement, organizations gain the clarity that their communications are secured from impostors. Yet, this clarity also brings to light another dimension of security – the risks that potentially lurk within the organization itself. While it’s imperative to fortify against external threats, an equally significant aspect of security is the continuous oversight of internal activities and behaviors.

Understanding the intricate interplay between trust, security, and the myriad channels of communication means recognizing the phased nature of protection strategies. Tools like DMARC offer the first line of defense against external hackers and other attackers. However, once these external defenses are robustly established, it becomes critical for organizations to pivot, channel resources, and focus on addressing the subtleties and complexities of internal threats. This sequential layered approach ensures a holistic defense strategy – begin by fortifying against external threats and then work meticulously to foster and maintain a trustworthy internal environment.”