TL;DR: A JetBlue gate agent recently pled guilty to $750,000 in ticket fraud, abusing her privileges to adjust the cost of tickets for friends and family. This type of malicious Insider Threat can be avoided with the right mix of user and data activity monitoring.
A Massachusetts-based JetBlue gate agent recently pled guilty to $750,000 in ticket fraud, according to a Department of Justice filing. Reports stated that the agent used her privileged access to the system to adjust ticket prices for friends, family and acquaintances over the course of 15 months. By using a special code intended for bereaving passengers, the gate agent overrode the cost of major changes, including changing short-haul domestic flights to more expensive international flights.
Unfortunately, this type of Insider Threat is relatively common across all industries. Privilege abuse can occur via anyone with access to sensitive areas of the server, not just technical employees and contractors. Organisations can protect themselves against these types of threats by monitoring both user and data activity, to ensure malicious actions don’t fall through the cracks.
Motives of malicious insiders
Understanding what motivates Insider Threats is often the first step to effective prevention. In the JetBlue ticket fraud case, the agent was acting on behalf of friends, family and acquaintances to do favors for financial gain. Financial motives are popular among malicious insiders, with many facing personal circumstances where they feel they need to act drastically in order to profit from their employment status.
It’s possible the gate agent’s motives were emotional as well. In the DOJ filing, the agent claims that she was adjusting ticket prices so friends and family could “see the world.” While this may seem like a noble motive, it’s not a good enough reason to defraud an employer and risk termination -- or worse. Other emotionally motivated malicious Insider Threats could include people who were recently terminated or given a negative performance review.
Finally, political motives are growing among malicious insiders. State-sponsored threats are on the rise, as some insiders commit espionage on behalf of foreign governments to steal intellectual property or other valuable data.
However, knowing a malicious insider’s motives is only a part of the equation -- having the right technology in place to effectively monitor Insider Threats can help catch incidents in progress and speed the rate of investigation.
Monitor both user and data activity
Many organisations mistakenly focus their security defenses outward, and miss some of the signs of Insider Threats -- whether they’re accidental or malicious. Many security tools, like Data Loss Prevention (DLP) solutions, monitor data movement alone, which misses a key element of Insider Threats: People.
For example, a DLP may not have identified that anything suspicious was occuring in the JetBlue scenario, since the agent was abusing privileges using a legitimate code to override changes. However, a dedicated Insider Threat Management solution like Proofpoint ITM could possibly have been used to flag a sustained pattern of suspicious user activity to the security team.
Once the security team receives an alert, they can investigate exactly who is making these changes, to what parts of the system, when, where, and why. In this example, a single agent had made hundreds of thousands of dollars of changes in a relatively short time period, with a code that should have been used sparsely. Ideally, these types of problems can be caught before they add up to major financial damages.
Other aviation industry threats
Unfortunately, beyond cybersecurity threats alone, aviation companies must also contend with the potential dangers of physical Insider Threats. In many cases, a concerted, cross-disciplinary effort must be made to implement effective screening processes for interviewees and employees, and regularly check on employees’ wellbeing.
This is still a major area of improvement for most organisations, as 48% of companies globally admit they still aren’t investing in employee happiness or wellness initiatives. These types of measures could be the most effective security defense for your people -- not to mention it’s the right thing to do!