Let’s face it, when it comes to insider threats there is a lot of information out there and it can all be very overwhelming. While CERT Insider Threat Center has the leading edge research on the topic area, it can take a few days to absorb the most recent Common Sense Guide published by them.
Below you’ll find a case study and some quick tips that will help you stay up to speed on insider threats, and prevent the events of the case study.
Setting the Scene
Regional healthcare provider with third party EMT staff who had unlimited access to personal health records of patients.
There were rumors in some local communities that the hospital was selling patient data. These occurred after there seemed to be a trend with certain lawyers using private medical history against people in insurance disputes. Security did notice the same lawyers present anytime certain types of incidents and cases came into the emergency room. IT also noticed that some unauthorized portable devices were reading and writing data.
IT performed an audit of their access logs of personal health records of patients.After an analysis cross with other systems, they were able to conclude that specific EMTs had been copying data onto flash drives while the patient was in transit to the hospital. The EMTs were tipping off some lawyers and selling personal health records to the lawyers upon arrival to the emergency room. In response to this IT coordinated with upper management to develop a baseline behavior pattern and automate alerts of deviation in user behavior. Additionally they were able to block the third party EMT vendor’s access and only allow access to records by manual approval.
So how can you help clients avoid a situation like this and stay up to date on best practices?
Follow the Leader
While sitting down to read reports and studies can seem like a time consuming task, a quick way to stay informed is to listen to the CERT Podcast Series. The series features discussions about insider threat from some of the most prominent researchers in the information security space. Listening can be a quick way in the morning to gain the latest insights and have a targeted approach for knowing what practices to research for a client’s needs.
Admittedly, regulation and requirements can at times be slow, however what it does indicate is the bare minimum that should be in place now. To find the most leading edge information on insider threat follow the criticisms of the regulation. The journalists and experts who write on these topics are often very in touch with what’s needed and will provide bite size updates on the current state of the information security space. An example of this is when the Department of Defense published a their procurement requirements that specifically targeted insider threats.Criticisms said it did not go far enough. The Cipher Brief collected interviews from major companies who indicated what would be best practice.
Document various industries current practices and use these as a baseline for your clients. Ensure this is a weekly process to track any shifts in different industries and see if any can cross over into other industries. This will not only keep you up to date with a client’s business environment but also ensure that you have a database of practices you could help your client quickly catch up on.
While there are a variety of ways you could try to stay up to date. These are some of the most accessible to quickly get up to speed on what’s the ideal, what’s the minimum, and what’s in practice. Providing you with a full scope of where your client may be and where you’d like to end up at the end of a project.