Since Edward Snowden leaked classified information from the National Security Agency (NSA) in 2013, the FBI and Apple have had a public battle around privacy, Shadow Brokers leaked some of the NSA's hacking tools, and Hal Martin, an ex-NSA contractor, was arrested for stealing classified information.
Asking what the impact on the cybersecurity industry at large has been in the aftermath of the Snowden leaks feels almost ironic, given that these aftershocks continue.
The NSA leaks shook the public trust and called policies and procedures into question. Ongoing conversations around government surveillance, privacy, and security resulted in President Obama issuing a directive mandating that the Office of the Director of National Intelligence release an annual report on the changes that the intelligence community will continue to implement to signals intelligence (SIGINT) activities.
Three years after the Snowden leaks, one thing is for certain: The greatest impact of Snowden is "Snowden". A name unfamiliar to most prior to 2013, Edward Snowden is now globally synonymous with so many aspects of cybersecurity from espionage to privacy.
He's the poster child for insider threats. What security practitioners struggle with when trying to defend against insider threats "is finding the balance between providing users what they need to significantly increase competence while at the same time ensuring that they do no harm," said Chris Inglis, former deputy director at the NSA during the Snowden revelations and chairman of the Securonix strategic advisory board.
Without monitoring every keystroke, which would indeed compromise morale and productivity, "they are increasingly doing more to understand what people are doing in real time with privileges," said Inglis.
Because they can't just check at the exit points, said Inglis, there needs to be more tracking and more analysis in real time. "There were 260 million attacks on the DOD last year. Most of those were DDoS from outsiders, which is not unusual, but there is disproportionate leverage given to insiders," Inglis said.
Many government agencies and enterprises alike have implemented policy changes that allow them to establish a solid foundation of trust for their employees and contractors.
"You determine through extensive background checks that they are trustworthy, but then you verify that they made good use of that trust. Look at their transactions in real time," said Inglis.
Jim Christy, vice president of investigations and digital forensics at Cymmetria, said that the scar tissue that remains in the aftermath of Snowden is not technical but personal. "Everybody is probably scurrying around trying to beef up their technical security, but they need to focus on people."