Predictive Analytics: Key to Mitigating the Insider Threat

English: FBI Mobile Command Center in Washington DC. (Photo credit: Wikipedia)

By: Amanda Vicinanzo, Senior Editor

10/20/2014 (9:57am)

Against the backdrop of notorious defense contractor Edward Snowden’s massive leak of classified documents last year, the Department of Homeland Security (DHS) recently published a report revealing the threat that malicious insiders pose to the security of the sensitive information that US businesses rely on.

The DHS report identified a significant increase of disgruntled or former employees sabotaging company networks. Lockheed Martin—an American global aerospace, defense, security and advanced technology company—indicates that investigations conducted by the Federal Bureau of Investigation reveal that 59 percent of employees admit to taking proprietary information upon termination.

Moreover, the report stated, “A review of recent FBI cyber investigations revealed victim businesses incur significant costs ranging from $5,000 to $3 million due to cyber incidents involving disgruntled or former employees.”

DHS defines the insider threat as, “A current or former employee, contractor, or other business partner who has or had authorized access to an organization’s network, system, or data and intentionally misused that access to negatively affect the confidentiality, integrity or availability of the organization’s information or information systems.”

To assist organizations in mitigating the insider threat, Lockheed Martin developed LM Wisdom, a predictive analytics solution supporting the collection and analysis of large-scale, open-source intelligence data, including news feeds and social media.

Jason O’Connor, vice president of analysis and mission solutions for Lockheed Martin Information Systems & Global Solutions, told Homeland Security Today that LM Wisdom operates by, “Extracting content from those sources and looking for patterns and correlations—connecting the dots within that data.”

“We can use this for threat monitoring, predicting social instability, and even predicting things like pandemics. We have found that we can apply this tool to a broad range of topics,” O’Connor said.

LM Wisdom ITI is a tool designed specifically to mitigate the insider threat. Lockheed Martin’s counterintelligence professionals use LM Wisdom ITI to evaluate employee behavior patterns to flag individuals who exhibit high-risk characteristics.

According to O’Connor, understanding how LM Wisdom ITI works requires knowledge of the three pillars to predictive analytics: data, algorithms and tradecraft.

In order to have predictive analytics, there must be meaningful content to work with. The primary focus of LM Wisdom, however, is with the second pillar, algorithms. O’Connor said, “Here, we apply our greatest focus. We plug our specialized algorithms—which we have for pandemic monitoring, threat monitoring, and a variety of other areas—into LM Wisdom.”

Even with all the world’s data and flawless algorithms, O’Connor said it takes individuals with analytical minds to ask the right questions of the data and systems, to think through the assessment of that data, and to draw conclusions from those assessments. Lockheed Martin boasts a cadre of counterintelligence and insider threat professionals to leverage the content from LM Wisdom in order to better identify risks within enterprises.

Fortunately, Lockheed Martin sees that interest in mitigating the insider threat is rapidly accelerating, especially after Snowden brought awareness of the insider threat to the forefront. Although LM Wisdom ITI has existed for a number of years and was not developed as a result of the Snowden disclosures or other very public, damaging insider threat events, O’Connor said Lockheed Martin saw rising interest in LM Wisdom ITI after those events.

O’Connor also said organizations want to understand the risks they are facing, but often have difficulty figuring out how to procure the right solution and put it into action in their enterprise. O’Connor believes, “Each enterprise, each potential organization that will go down an insider threat path will look at a tailored solution to meet their particular demands.”

O’Connor emphasized the importance of having a robust insider threat program, particularly in areas like defense where the work is mission critical.

“We cannot afford to have problems in that area,” he said.

DHS recommended that organizations terminate any account that individuals do not need to perform their daily job responsibilities; terminate all accounts associated with an employee upon dismissal; restrict access to cloud storage websites from corporate computers; and require all employees to change passwords to corporate accounts regularly, since many default passwords provided by IT staff are never changed.

Organizations can also raise awareness of the insider threat through training programs. Lockheed Martin, for instance, conducts a variety of training programs to mitigate the insider threat, particularly the threat of the uninformed or careless insider. Training programs can teach employees how to identify a phishing attack and other cybersecurity best practices.

“The insider threat has been a challenge in critical industries throughout history. What is different today is the damage an individual can potentially cause due to the interconnectedness of the world we live in. There are many advantages but alongside those advantages are many opportunities for great damage,” O’Connor said.

Editor’s note: Also read, The Rise of Predictive Policing Using Social Media, in the latest issue of Homeland Security Today.
