In the Iliad, the Greek armies besiege Troy, but despite their fighting prowess, Greece’s warriors cannot overcome the Trojan defenses. Through cunning and deception, however, Greece slips behind Troy’s walls inside a wooden horse. Once in Troy, victory is assured: Troy’s formidable walls are useless against an onslaught that comes from within.
Governments and businesses face many external threats today, but perhaps the greatest danger comes from insider threats that have already found their way behind the defensive walls. Protecting against such insider threats is an important, complex, and extensive task.
Over 4 million Americans hold a security clearance. Millions more have access to government facilities. All of these individuals must be verified to ensure their trustworthiness. The Defense Counterintelligence and Security Agency alone is responsible for conducting over 2 million background investigations each year. Finding and mitigating threats effectively within this vast population is truly a Herculean task.
The challenge isn’t limited to the world of governments and spies either. Organizations face a massive barrage of attacks aimed at stealing intellectual property or personal information. Successful attacks can ruin lives and livelihoods, damage business reputations, or cost millions of dollars to repair.
Whether it’s national security, identity theft, or intellectual property, the challenge of countering an insider threat is too important to take a reactive approach. Today’s approach to addressing this challenge relies too heavily on outdated data and risk perceptions. A more comprehensive, proactive technique is needed, one that builds on established methodologies and adds modern artificial intelligence-based processes that bring the broader world of publicly available information (PAI) to missions to combat insider threats. Such a modernized approach will maximize information, mitigate threats and stop problems left of boom.
Limits of the traditional approach
The investigative tools currently used to defend against insider threats have not changed significantly in decades. Governments and businesses receive certain information from their employees, which is then used to assess people’s trustworthiness. The process relies mostly on generally accurate but relatively static data from credit bureaus and data aggregators, which includes addresses, phone numbers, financial information, and arrest or court records. If anything suspicious turns up in those records, investigators can search for more information the old-fashioned way.
This information can be very valuable, but in today’s information environment it is not enough. With the explosion of PAI, investigators must go beyond the traditional approach to gain a comprehensive and dynamic understanding of potential threats.
The current approach falls short in both the quantity and the quality of the data. From a quantitative perspective, traditional insider threat monitoring techniques use only a tiny fraction of the available data. Even if investigators use search engines to “study” potential risks, they will only search the surface web – less than 2% of available online data.
The type of data returned with the traditional approach is also incomplete. A person’s dissatisfaction with their employer will not show up on their credit report or arrest history. In fact, someone can easily hide potential risks, such as extremist activities or ties to foreign governments, without them ever showing up in the data currently in use. By casting a wider net that examines the surface web, as well as the deep and dark web, investigators are made aware of potential threats that could otherwise easily be overlooked.
The right approach
An effective effort to counter insider threats must use all available resources to identify potential risks, particularly through leveraging PAI. However, due to the size and complexity of the available data, modern technologies that harness the capabilities of artificial intelligence and machine learning (AI/ML) are essential for the success of this new approach.
An updated program to combat insider threats would use the rich data within the traditional process as a starting point for further investigation. Through entity resolution (verifying that multiple data points refer to the same real-world entity) and powerful search processes that look for potentially important or derogatory information, regardless of language, investigators can develop a complete picture. Critical information can be discovered via social media platforms, news sites, public records, blogs, message boards, dark web marketplaces, and illegal forums. Advanced analytics using topic modeling and link analysis can also assist investigators by quickly highlighting the most important information while filtering out noise.
In addition to expanding the data pool, this modernized approach offers several other benefits. By using automated, AI-enabled processes, businesses and government can standardize insider threat missions and mitigate human bias. The result is the ability to examine more people more thoroughly in less time. Comprehensive, efficient screening reduces the risks for a company and also saves money.
It’s all about the “why”
Insider threats are real and pervasive. It is incumbent upon leaders to appropriately address the risks posed by the people in their organizations. However, the current approach to countering these threats is outdated and unnecessarily exposes organizations to escalating risks.
As in ancient Troy, real danger often lurks unbeknownst to us within our defenses. A new process that fully leverages the capabilities of PAI and AI/ML is needed to effectively combat the dangers of insider threats.
At stake is nothing less than the lives and livelihoods of hard-working, honest people. Therefore, the risk of not modernizing is simply too great.
The views expressed here are those of the author and are not necessarily endorsed by Homeland Security Today, which welcomes a wide range of viewpoints in support of securing our homeland.