Insider Spies Are the New Cyberthreat
NEW YORK—Security experts now say the cyberthreat of greatest concern is the human element. This includes insiders such as former NSA contractor Edward Snowden as well as the conventional spies working for countries like China.
“The weakest part of any security program is people,” said Robert Zandoli, senior vice president of the global chief information security office of multinational insurance company AIG.
Zandoli was part of a panel at Pace University on April 3 on emerging threats in cybercrime, hosted by global financial leader and accountant organization ACCA.
He said the damaging activities of an insider can be intentional—from someone working on behalf of a competing company or a foreign government—or they can be unintentional.
Regardless, Zandoli believes companies need more awareness about the threat, so that “if someone travels overseas to China, where everything is monitored, they’ll know what to beware of.”
Insider is the new buzzword among security folks. A recent survey of 537 decision makers at midsize and large businesses in France, the U.K., and Germany found that only 9 percent of businesses feel safe from insider threats.
The survey was conducted by enterprise data security firm Vormetric, in conjunction with industry analyst firm Ovum. It also found the problem is growing more severe, with 47 percent of companies saying it had become more difficult to find insiders than in the previous year.
At the Pace event, Zandoli’s concerns were echoed by others on the panel, including FBI Special Agent Charles Gilgen, who works specifically on insider threats or human intelligence (HUMINT)—fancy words for spies.
Gilgen said the threat is particularly acute when employees travel abroad. He said very plainly that, if you’re traveling overseas with information someone wants, “People will try to steal trade secrets from you.”
He added, “It doesn’t have to be a foreign government. It can be a competitor.”
The line between foreign competition and foreign government is blurred, however, by countries like China where many large companies are owned in whole or in part by the state.
There are clear advantages to using insiders over off-site hackers. Hackers suffer from tunnel vision, while insiders can learn where information is stored and then open up employees’ computers or data storage areas while nobody is looking. Snowden is a poster boy for this type of access.
Security systems are getting stronger at large companies, but an insider can just connect an infected computer to a company’s networks, or intentionally visit an infected website, in order to provide access to the hackers.
Bernadette Gleason, North America eCrime laboratory manager at Citigroup, told the Pace panel that the bring-your-own-device (BYOD) policy at many companies is only making the problem more acute.
She said that the use of smartphones means everyone has a pocket-sized camera. Gone are the days when spies had concealed cameras and microfilm hidden in coins. Insiders can just use their smartphones to photograph computers or customer data.
Insiders can also work in collaboration with off-site hackers. The problem is well known in the intelligence community, but is still relatively unknown in the private sector.
Jarrett Kolthoff, president of cybercounterintelligence company SpearTip and a former special agent in U.S. Army counterintelligence, told Epoch Times in an earlier interview that Chinese hackers will even attack networks where an insider recently stole information—making it appear as if the information were stolen through a cyberattack instead of by a spy.
“It’s very, very effective,” he said.