The former CIA director Michael Morell has admitted that the leaker involved in the NSA Shadow Brokers leak might still be at work in the agency as, 15 months after the leak first occurred, they are still uncertain of what was stolen and whether there is more to come. Piers Wilson, Head of Product Management at Huntsman Security commented below.
Piers Wilson, Head of Product Management at Huntsman Security:
“For a former director of the CIA to admit that, 15 months after the initial Shadow Brokers breach, the leaker might still be employed there is a stunning admission. It once again highlights how incredibly difficult it can be to spot insider threats, since the majority of network security solutions are geared up to identify detectable, external dangers often based on publicised signatures and little more. If the leaker is still working for the NSA, they can bypass so many crucial lines of defence because they already have access to the network and systems – allowing them to compromise sensitive data without raising the alarm if they have knowledge of what controls are in place and how to subvert them. In the wider corporate world these kind of breaches may not even involve any malicious intent – merely ignorance, negligence, or just plain carelessness.
If insider threats are a problem at the NSA, one of the most security-conscious organisations on the planet, it just shows that security must focus on the early detection, investigation and verification of risks in the broadest sense – known and unknown, insider and out; creating baselines of ‘normal’ behaviour so that any anomalous activity can be identified. This type of approach enables organisations to take the appropriate action to deal with any given threat, regardless of the source or motive. The alternative is more damaging security leaks like Shadow Brokers and last weeks’ Vault 8 revelations.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.