Edward Snowden is an IT contractor, a SysAdmin employed by Booz Allen to provide systems services to the US intelligence agencies. In this sense, he is just a face in the crowd, part of a small army of private-sector contractors helping the US government run its day-to-day operations. But as of today, Edward Snowden is the most famous low-level SysAdmin in the world – possibly in history.
Now everybody is going to have a different view of his actions, based on their political philosophy and worldview, but I’m just going to point out the 800-pound gorilla in the room. This information did not get out because hackers compromised a system. It wasn’t malware, and it wasn’t an APT. It was one of the people who operate the system, using legitimately issued credentials and accessing systems he had permission to access.
To be fair, when we concern ourselves with insider threats, we’re not usually talking about major political events that change the course of history. But that’s the thing – we can’t operate our systems without providing access to the people with the expertise to make those systems work. And therein lies the problem – they are people. They have political, ideological and religious beliefs. They are subject to bribery, coercion and persuasion. They can be impelled to act in ways that are antithetical to the goals of the organization that employs them. And, quite frankly, they are prone to making innocent mistakes. THAT is the true nature of insider threats.
The other lesson here is that the investment in information security must be driven by the value of the information at risk. In the case of Edward Snowden, the information was classified and controversial. It wasn’t just the data on hand that was at risk, but also the information about the program that gathered the data. And the cost to the organization, the program and its goals is enormous – and would certainly justify an investment in a robust security intelligence infrastructure in order to detect the kinds of activities that Edward Snowden engaged in, activities that might appear benign to, or be easily concealed from, other, more reactive security systems.
Information security professionals have always known that the insider threat, the risk posed by mere humans empowered with both the access and the expertise to steal data and corrupt systems, represents the greatest threat to the security of any network. This weekend, in a sudden outpouring of revelations and exposures, we learned that lesson in the most graphic fashion possible. And the lesson is simple. There are many cases where prevention is impossible and detection is very difficult. Your security infrastructure is incomplete, and it is not capable of meeting the current security challenges. If you have data, systems or applications that have high value to your company or your customers, you have no choice but to evaluate security intelligence and analytics tools like Securonix. The potential loss is just too great.