Myrna Soto is the Chief Strategy and Trust Officer for Forcepoint.
When envisioning the threats to your organisation, malicious nation states or greedy virtual thieves located halfway around the world might loom large. But what if the risk is an undercover employee? What if it’s a person who’s not even real? What if it’s the neighbor you never suspected? In 2021 we’re going to see threats emerge from unexpected places, and sometimes the call will be coming from inside the house.
Insider Threat-as-a-service
In the past we’ve thought of “insider threats” as disgruntled employees who walk out of the building with proprietary information hidden in their briefcases. But today, your employees may be scattered around the world, you may hire them after only meeting via Zoom, and they may never step foot inside one of your offices. And today, you can buy almost anything on the dark web, including “trusted insiders.” In 2021, I expect to see organised cells of recruitment infiltrators offering specifically targeted means for bad actors to become trusted employees, with the goal of exfiltrating priceless IP. These “bad actors,” literally, will become deep undercover agents who fly through the interview process and pass all the hurdles your HR and security teams have in place to stop them.
We want to believe our employees are good people—but the stats tell us that between 15 and 25% are not. The only way to find these people before they do irreparable damage to your organisation is by understanding human behavior and knowing when their activities don’t match their profile.
Synthetic identities
I believe we’ll see another form of fake identity coming specifically for the financial services industry in 2021. Synthetic fraudsters use real and fake credentials to build a phony profile good enough to apply for credit. Although the applications are normally rejected by the credit bureau, having a file is enough to set up accounts and start building a “real” credit history to apply for bank accounts, credit cards, and loans. It’s almost impossible to tell a real identity from a synth, and since there’s no individual person whose ID is stolen, the real victims are the businesses left with no way to recover their losses.
You would think that modern technologies such as machine learning (ML) could easily identify this kind of fraud. The issue is finding the data set to train the ML: how do you show it how to identify fake personas when they’re almost indistinguishable from real people?
The answer is to dig deeper to establish identity, either with third-party data feeds that show a consistent history or with face-to-face identification against a passport or driving license. Over time, businesses can build a checklist of inconsistencies commonly found in synthetic identities and use this to train an algorithm to automatically flag suspect files for action.
Insider threat needs to be taken seriously and accepted as a real risk by security leaders, who should ask tough questions about whether they have the tools and solutions in place to spot and stop anomalous behaviour, before it’s too late.