RedOwl offers solution to insider threats

Thanks to the dark web, companies have to be more vigilant than ever before in protecting themselves from inside threats, David Pogemiller explained.

Mr. Pogemiller is a vice president at user behavior analytics provider RedOwl, creators of Monetizing the Insider: The Growing Symbiosis of Insiders and the Dark Web, RedOwl’s report on the growing threat insiders pose to companies.

That risk is posed by anyone with access to a company’s enterprise network, Mr. Pogemiller said, while adding it does not even have to be high-level access if that employee can be enticed to act.

Those employees are increasingly being enticed by influences on the dark web, an area of the internet which enables anonymity. Whether it be greed or disaffection with their employer, these people are finding it at double the rate they did just one year ago.

David Pogemiller

David Pogemiller

“Our motivation is to spend a significant amount of time to help organizations protect against the threat posed by insiders inside the security wall,” Mr. Pogemiller explained. “Once behind the perimeter, there’s a significantly lower cost of action.”

Those insiders looking to cause harm are going to school on the dark web, which in contributing to a growing risk in three ways.

The first way is by providing a marketplace where insiders can easily monetize their insider access. Word is quickly spreading that there is a vast, borderless market for insider information such as stock tips, passwords and other financial information.

Sophisticated agents have also learned the dark web is a perfect recruiting ground for people better positioned to carry out malicious activity.

“The dark web also weaponizes insiders by giving them the knowledge and tools to enable them to act on their insider information,” Mr. Pogemiller said. “Another way of looking at it is within every organization thee are three types of insiders, the good, the bad and the tempted. The dark web is making it so that those who are tempted can act.”

While there are no hard numbers, Mr. Pogemiller said historical evidence suggests that most insiders accessing the dark web are doing so for personal gain, with few acting on some personally defined moral ground.

Once on the dark web, insiders find their way to a site such as Kick Ass marketplace, an insider trading subforum established in February 2016 on a prominent dark web community.

Interested participants have to be interviewed to prove they have valuable information. They then have to pay a membership fee of one bitcoin and have their information verified before it is posted. Recent posts have included information on stock markets,  commodities, foreign exchanges and significant business changes.

“Sophisticated actors can empower naive insiders to install malware or to take advantage of their access to embargoed information like press releases and earnings reports,” Mr. Pogemiller said.

When the report authors checked Kick Ass for activity, they saw five new posts within a week and 40 membership fees paid.

Another group scammers are eager to access are retail workers, who have constant access to credit card numbers. They have access to credit card numbers and can be outfitted with the required tools.

Mr. Pogemiller said more companies are developing insider threat programs, especially after the Department of Homeland Security publicized the issue.

“But there is lots of catching up to do,” Mr. Pogemiller admitted.

A good insider threat detection program should contain certain elements, Mr. Pogemiller said. The first is a is a strong corporate culture where employees feel supported and emotionally engaged.

“A strong culture helps reduce the number of people who go from good to bad, but a passive or bad culture can push people to turn bad,” Mr. Pogemiller said.

Companies also need to educate employees and contractors as to threats such as using external USB devices or sharing passwords.

More organizations are working with companies like RedOwl to develop ethical monitoring of inside activity.

“The technology today enables organizations to have access to relevant information while also monitoring activity in a way which respects people’s privacy,” Mr. Pogemiller said.


Learn more about RedOwl:

Interview with Tim Condello