Speaking at the RSA Security conference, Patrick Ready, chief information security officer at the FBI, provided a packed session room with real-world lessons on how to detect and thwart insider threats. He started the discussion with a candid observation.
“Insider threats are not hackers,” he said. “People like to think of insider threats as hackers but in reality, you’re dealing with authorized users, doing authorized things for malicious purposes.”
The WikiLeaks incident, in which U.S. Army soldier Bradley Manning leaked information to Julian Assange, has led to a renewed discussion on the nature of insider threats, Ready noted.
Ready said that in over 20 years of cases, he has never dealt with insiders running hacking tools or escalating their privileges to get what they want to steal.
“These are authorized users,” he said. “They have no need for hacking tools.”
The impact of insider threats is non-trivial, Ready stressed. In his view, companies that have good insider threat detection programs will be in business in 10 years, while those that don’t will not.