Snowden investigator warns insiders are a critical cyber security risk

Former senior US counterintelligence expert and Nuix executive Keith Lowry says insiders represent one of the greatest but rarely mentioned cyber security threats to Australian government and corporate organisations because of their ability to access and exploit sensitive and critical-value data.

Keith Lowry, who led the Edward Snowden counterintelligence damage assessment team, says the majority of data breaches are not caused by hackers as most people think, but by internal factors such as malicious insiders, loss or theft of devices or errors by IT and security administrators.

Mr Lowry says many organisations are exposed to serious insider threats because they don’t know exactly where all their critical and most sensitive data is held and their executive teams are not willing to promote integrated security programs to address insider data breach threats.

While more than one third of all cybercrime incidents and security breaches are reportedly caused by insiders, Mr Lowry says the true figure is much higher because many organisations don’t always know when an insider breach has occurred or they may be reluctant to report incidents.

“The harm caused by data breaches, theft of intellectual property, loss of financial information and other critical-value data is now epidemic,” Keith Lowry said.

“The financial costs for governments, corporations and individuals amount to hundreds of billions of dollars each year globally, not to mention the huge loss of reputation, trust and value.”

“Insiders can cause greater damage compared to external cyber-attacks but many organisations still have poor strategies in place to prevent a serious and costly insider data-breach from occurring.”

“Executive teams need a new approach to these risks because old security models and IT systems which focus on outside cyberattacks provide very little defense against an inside job.”

Insiders use their position to advance personal, political or nation-state agendas. They also steal or leak financially valuable data, such as credit card numbers and personally identifiable information, which can be used to commit fraud or sold on the black market.

Mr Lowry brings unique insights on the damage that insiders can inflict on government and corporate organisations. He was the Chief of Strategy and Evaluation Group with the US Office of the National Counterintelligence Executive during the Snowden investigation. He was also closely involved with the US Army investigation into Bradley Chelsea Manning, who disclosed nearly three-quarters of a million sensitive and diplomatic documents to WikiLeaks. Working for Nuix, he now advises leading corporations and government agencies around the world on how to manage insider breach threats.

Mr Lowry says detecting and deterring insider threats can be a massive challenge, which is why many organisations simply avoid the issues because they don’t know where to start. He says executive leadership support is essential from the start to ensure the whole organisation has the right attitude towards data security and identifying insider breach risks on a daily basis.

Nuix recommends organisations focus efforts on very specific and definable targets, namely their critical-value data and the very limited ways in which an insider could access, gather and exfiltrate that data from their network.

Using this focus, organisations should develop a proactive insider threat mitigation program that combines three key elements:

  • Understand and focus – identify where critical-value data is located, who has access to it and how.
  • Protect and disrupt – use intelligence and analysis to identify insider threat actors within systems and networks.
  • Deter and detect – have accurate and up-to-date cybersecurity and IT policies, training and forensic tools in place.

“A successful program requires executive leadership and advocacy, clear policy and guidance, and workforce education and training, not just a piece of software,” Mr Lowry said.

“It must bring together stakeholders from across the organisation including human resources, administration, legal, physical security, information security and information technology.

“With these elements in place, an organisation can address insider threats before they become messy and costly public problems.”

Lowry believes this three-pronged strategy would have assisted in the case of the Bradley Manning leaks, as data was being transferred using known methodologies.

“The fact that critical value data was being accessed and where it was being transferred to would have raised a flag,” he said.

“It would have given someone the opportunity to question why that was occurring.”

Cybercrime is costing Australian organisations and individuals around $A1 billion a year according to the Australian Crime Commission. The average overall cost of a data breach for Australian companies is nearly $A3 million according to the Ponemon Institute’s 2015 Cost of Data Breach Study.

Nuix’s CEO, Eddie Sheehy, says problems are being compounded by a rapid build-up of unstructured data in organisations, such as mail archives and contact databases, which can be buried across a multitude of file formats and devices.

Mr Sheehy says many organisations simply don’t know where their critical data is and that is making it harder for them to solve business problems such as e-discovery, investigations, information governance, privacy, risk and compliance, data migration and cyber security.

“That’s why building a culture of security in an organisation must be a top priority for executives, starting with an understanding of where the crown jewels are kept and then having a strategy in place to protect them from insider threats.”

The Federal Government has acknowledged the seriousness of insider threats for departments and businesses. The Attorney General, George Brandis, recently released a new handbook, Managing the insider threat to your business, to help organisations understand and deal with the key insider risks.