Attention on the insider threat is back in the spotlight, with reports of what could be the second major NSA document theft in recent years.
The FBI arrested Harold T. Martin III, an NSA contractor through Booz Allen Hamilton, on charges that he stole government property and removed classified documents, The New York Times reported on Wednesday. The FBI is investigating whether the documents Martin allegedly stole could have included classified computer code developed to break into foreign systems, such as China, Iran, Russia and North Korea.
The incident marks the second major theft of NSA documents in recent years by a government contractor, following Edward Snowden in 2013. Snowden also worked for Booz Allen Hamilton at the time and has more recently been pushing for a pardon for his acts.
The investigation into the extent of information taken and Martin's motivations is ongoing, the report said.
Security experts said this latest incident highlights the continued importance of protecting against insider threats, which accounted for 77 percent of all data breaches last year, according to the 2016 Verizon Data Breach Report.
"It is quite alarming, to say the least … Businesses need to wake up that these concepts are out there because if something as sensitive as this at the NSA gets leaked out, what could you have on your servers?" Morey Haber, vice president of technology at BeyondTrust, said. "This just proves that something even considered top secret could still get out."
The report said the FBI is not referring to Martin as an insider threat, but Haber said the government and businesses use different definitions of what might be an insider threat. He said the government typically only refers to incidents as insider events if it was related to mistake or error, while a business would likely classify both malicious and unintentional removals of data as insider threats.
Charles Drum, director of privileged account management services at Integral Partners, a Boulder, Colo.-based solution provider, said there are many ways to protect against insider threats, such as Snowden and possibly Martin.