The continual evolution of technology in the information age exponentially increases the amount of information that is stored, accessed, utilized, and transmitted daily. This information has varying business and personal value and can be classified in several ways, including proprietary, strategic, financial, personal, and health information. Even more importantly, at the national level, information can be of great importance to national security, and exploitation at this level can put a country’s national defense and interests at risk, as well as the lives associated with them. This gives information a value; further, it means that information must be protected while in use, in motion, or at rest through a variety of means. This protection must consider internal, or insider, threats as well as external ones. Many insider threats are consequences of unintentional internal user activity; however, these risks can be mitigated through personal security measures, user access controls, education, and cyber security monitoring and incident response. Other internal threats may come from individuals who have access to information; again, this threat is best mitigated through controls similar to those identified above. Another internal threat can come from individuals who have elevated or privileged network, system, and cyber access in order to maintain, update, and protect the information system. While businesses can conduct personal security checks and ensure that such individuals are adequately credentialed and experienced, they can never guarantee that every individual will always act in a moral, ethical, and legal manner. Collins, Sainato, and Khey identified that exploitation or victimization requires only a suitable target, a motivated offender, and the absence of a capable guardian.
Accessibility to systems and information further simplifies a “bad actor’s” ability to exploit by increasing the individual’s available attack surface and capability. This means that it becomes critical to understand and recognize the most important enabler, motivation, that may drive an individual to engage in adverse activity. Motivation can arise for a variety of reasons, some of the most common being financial gain, perceived love, disgruntlement, or blackmail. Financial motivations can be further broken down: an opportunist may recognize an opportunity for increased wealth, or may act out of necessity because of unmanageable debt. Recognizing the latter is why credit reports are an important part of executing personal security measures. An example of a “love” motivator was the 1985 breach of the US Embassy in Moscow. Although love drove a Marine to provide physical floor plans that later enabled a foreign nation to install surveillance equipment and subsequently conduct surveillance within a US Embassy, the same motivation could have been used to execute a cyber breach through an analyst who had cyber access. One identified technique that has become more popular is blackmail. If an information technology/cyber employee puts themselves in a compromising position, a bad actor could entice that employee to execute malicious behavior in exchange for secrecy. Though this technique would more commonly be used to seek financial outcomes, it can also be used to provide the motivation needed to exploit. Over the years, there have been many cases that demonstrate motivation arising through each of the means identified.
One of the most publicized exploits by a trusted cyber actor was the National Security Agency (NSA) breach by Edward Snowden. Snowden was an administrator with the NSA who had very high-level access to information. Although Snowden’s motivation stemmed from a disagreement over US Government practices rather than financial gain, he had the key enablers: a motivation, the capability, and a target that could be exploited. As identified in Infosecurity Magazine’s 2013 article, “How Snowden breached the NSA from the Inside,” “Snowden was able to fabricate digital certificates and cryptographic keys; but the NSA had no ability to detect the forgeries.” This was one of the most famous cases demonstrating exploitation from within the workplace utilizing cyber technology. As also identified within the Infosecurity Magazine article, “Snowden didn’t need to employ all the steps of the intrusion kill chain, because he was already inside the network. What was left was reconnaissance, intrusion, and exfiltration.”
There are several lessons learned every time there is a breach. Ultimately, protection of the network relies heavily on several controls that encompass personal, physical, and cybersecurity requirements. To protect, detect, and respond, security administrators and analysts require privileged access and the use of special tools and capabilities. Businesses, organizations, and nations around the world must acknowledge and mitigate the risks associated with employees who utilize cyber technology, because that same technology can be utilized adversely. In examining the breach by Snowden, Riechmann (2018) wrote that Joel Melstad, a spokesman for the US Counterintelligence Center, identified that “Snowden-disclosed documents have put U.S. personnel or facilities at risk around the world, damaged intelligence collection efforts, exposed tools used to amass intelligence, destabilized U.S. partnerships abroad and exposed U.S. intelligence operations, capabilities and priorities.”
Collins, J.D., Sainato, V.A., & Khey, D.N. (2011). Organizational Data Breaches 2005-2010: Applying SCP to the Healthcare and Education Sectors. International Journal of Cyber Criminology, 5(1), 794-810.
How Snowden breached the NSA from the inside. Infosecurity Magazine. (2013, November 13). Retrieved October 15, 2021, from https://www.infosecurity-magazine.com/news/how-snowden-breached-the-nsa-from-the-inside/
Riechmann, D. (2018, June 4). Costs of Snowden leak still mounting 5 years later. AP News. Retrieved October 15, 2021, from https://apnews.com/article/hi-state-wire-national-security-europe-russia-government-surveillance-797f390ee28b4bfbb0e1b13cfedf0593