 back to blog

Insiders and Whistleblowers

By
Marcus Hartwig
,
Director, Product Marketing
and
|
September 8, 2020
Please note that this is an automated translation. For the most accurate information, refer to the original version in English.

Insiders who leak information about classified government practices and decision-making has a huge impact on public opinion and policies. Throughout time, whistleblowers have exposed alleged misconduct, dishonesty or illegal activity occurring in organizations. The alleged misconduct includes the violation of a law, rule, regulation and/or a direct threat to public interest, such as fraud, health and safety violations, and corruption. The history of whistleblowing in the United States is almost as old as the country itself. The first case dates back to 1777 when Samuel Shaw and Richard Marven blew the whistle on the torturing of British prisoners of war. As consequence, the Continental Congress enacted the whistleblower protection law on July 30, 1778, by an unanimous vote and dismissed the responsible commander-in-chief of the Continental Navy. A modern version of this protection law exists today, including special versions for employees in intelligence services.

Modern day insiders are employees or contractors that entered a trusted relationship with an organization for which they work. Trust here means that by entering into a work relationship, the insiders accept and abide by the rules and obligations that come with the role. However, this relationship of trust does not, and should not, include alleged dishonest, unethical or illegal activity. The insider must obey laws and hold to ethical practices, despite the trusted relationship.

While cases of whistleblowers have dominated the news, less light has been shed on malicious insiders that do harm to their organization for personal gain, out of disgruntlement, or simple neglect. The overwhelming majority of insider threat cases reported by the computer emergency response team (CERT) at Carnegie Mellon University fall into these categories and inflict enormous damages on government organizations and companies every year worldwide. According to the FBI and U.S. Department of Homeland Security, these kinds of insider threat cases are on the rise and pose a significant cybersecurity threat to U.S. businesses. One incident can further incur costs of up to $3 million, according to recent FBI cases.

The ultimate goal of most insider attacks is to steal data. Depending on the insiders needs and skill level, attackers can use a variety of approaches to smuggle data out of an organization. The most obvious approach involves moving data in bulk, either directly to the internet or to an intermediate staging area in the campus network. Subtle attackers may attempt to stay low-and-slow by patiently exfiltrating data at rates that are less likely to be noticed or arouse suspicion. Efforts can also be made to obscure data exfiltration in hidden tunnels within allowed traffic, such as web or DNS traffic.

The Vectra solution

Detect delivers a variety of intelligence to detect data exfiltration, both fast, high-volume as well as the slow, low-volume approaches. While this will help organizations stop insiders who leak data for personal profit, whistleblowers can still report wrongdoings in a secure and anonymous way through a wide variety of tools designed for this.

It's National Insider Threat Awareness Month. If you'd like to learn how Vectra can help, you can schedule a demo.

Want to learn more?

Vectra® is the leader in Security AI-driven hybrid cloud threat detection and response. The Vectra platform and services cover public cloud, SaaS applications, identity systems and network infrastructure – both on-premises and cloud-based. Organizations worldwide rely on the Vectra platform and services for resilience to ransomware, supply chain compromise, identity takeovers, and other cyberattacks impacting their organization.

If you’d like to hear more, contact us and we’ll show you exactly how we do this and what you can do to protect your data. We can also put you in contact with one of our customers to hear directly from them about their experiences with our solution.

Get in touch
CONTACTREQUEST A DEMO