In a recent article about the Morgan Stanley insider theft case, Gregory Fleming, the president of the wealth management arm said:
“While the situation is disappointing, it is always difficult to prevent harm caused by those willing to steal”
Disappointing? 350,000 clients were compromised, the top 10% of investors, and this following a breach that left 76 million households exposed.
Morgan Stanley fired one employee
The fact is, this breach was preventable. Firms like Morgan Stanley are remiss in allowing these to occur, and are adding to the problem by perpetuating the myth that they cannot be stopped. The minimal approach of repurposing perimeter cyber security solutions does not work. These perimeter solutions and practices have been in place in each case of insider breaches including the U.S. government (i.e. Bradley Manning, Edward Snowden), Goldman Sachs, and the multiple Morgan Stanley breaches. Even Sony Entertainment had some intrusion protection in place. Cyber security professionals remain one step behind the criminals in defining events, thresholds, and signatures – none of these are effective for the insider.
Building behavioral profiles for all employees, managers, and executives using objective criteria is the best, and possibly the only, feasible way to catch the insider. Current approaches that focus the search for malicious insiders based on the appropriateness of web sites, or the stability of an employee based on marital situations seem logical, but provide little value. There are a lot of people that get divorces that do not steal from their employers or their country.
Rules and thresholds defined by human resource and cybersecurity professionals have proven ineffective at stopping the insider. Data analytics using unsupervised machine learning on a large, diverse dataset is essential.
Personam catches insiders before damaging exfiltrations. It is designed for the insider threat, both human and machine based, and has a proven record of identifying illegal, illicit, and inadvertent behaviors that could have led to significant breaches.
The malicious insider can be caught, and it is time to take the threat seriously and time to stop giving firms like Morgan Stanley (and Sony) a pass on their unwillingness to address the fact that they have people on the inside willing to do harm to their clients, their company, and in some cases, our country.