Security Experts Say New NSA Leak Should Remind Businesses To Protect Against Insiders

The insider threat is back in the spotlight, with reports of what could be the second major NSA document theft in recent years.

The FBI arrested Harold T. Martin III, an NSA contractor through Booz Allen Hamilton, on charges that he stole government property and removed classified documents, The New York Times reported on Wednesday. The FBI is investigating whether the documents Martin allegedly stole could have included classified computer code developed to break into the systems of foreign countries such as China, Iran, Russia and North Korea.

The incident marks the second major theft of NSA documents in recent years by a government contractor, following Edward Snowden in 2013. Snowden also worked for Booz Allen Hamilton at the time and has more recently been pushing for a pardon for his acts.

The investigation into the extent of information taken and Martin's motivations is ongoing, the report said.

Security experts said this latest incident highlights the continued importance of protecting against insider threats, which accounted for 77 percent of all data breaches last year, according to the 2016 Verizon Data Breach Report.

"It is quite alarming, to say the least … Businesses need to wake up that these concepts are out there because if something as sensitive as this at the NSA gets leaked out, what could you have on your servers?" Morey Haber, vice president of technology at BeyondTrust, said. "This just proves that something even considered top secret could still get out."

The report said the FBI is not referring to Martin as an insider threat, but Haber said the government and businesses use different definitions of what might be an insider threat. He said the government typically only refers to incidents as insider events if they were related to a mistake or error, while a business would likely classify both malicious and unintentional removals of data as insider threats.

Charles Drum, director of privileged account management services at Integral Partners, a Boulder, Colo.-based solution provider, said there are many ways to protect against insider threats, such as Snowden and possibly Martin.

"I think businesses in general need to think about how to better protect their data," Drum said.

This is important for businesses of all types, Drum said, not just the government. He gave the example of clients that Integral Partners has in the biotech market, where intellectual property on drugs and other products needs to be protected from data theft for competitive reasons. He said his company recommends strict controls and policies around data access, including privileged access management and identity access management solutions.

"If certain internal controls are in place, he might have gotten caught sooner," Drum said of Snowden. "If they are implemented effectively you can do well."

BeyondTrust's Haber said businesses can improve their security by protecting business-critical data -- information that, if stolen by a malicious insider, could prove detrimental to the business. From there, he said a business can decide how to protect and control access to that data.

"The more sensitive the information the higher the detrimental risk ... businesses have to protect, track and control those crown jewels even more," Haber said.