7 Deadly Insider Risk Assumptions

By Boaz Fischer, Australia’s Trusted Authority On Insider Risk Management

Insider threats present an intriguing and complex challenge. I believe that it is the most significant threat facing modern organisations in today’s interconnected world. You only have to look as far as Edward Snowden and Chelsea Manning to understand the damage that insiders can cause.

As far as security threats are concerned, an insider threat is the elephant in the room.

It’s a subject that is often seen as taboo and unthinkable, a topic that experts would rather not discuss. There are two reasons for this: firstly, it means that much of what they are suggesting is ineffectual, and secondly, they don’t actually have a clue how to address the issue, so they’d rather not talk about it. The very idea that you could have someone within your organisation who harms the business is regularly dismissed.

This level of ignorance isn’t limited to run-of-the-mill businesses, either. Tech giants, critical infrastructure and even government agencies are all woefully naïve to this potential threat.

Insider threats come in a myriad of forms from the full gamut of society, and trying to preemptively pinpoint potential perpetrators would be tantamount to mind reading. Even so, I truly believe that when you know, you can act. When you can predict risk, you can effectively prevent it.

Having an insider threat in an organisation doesn’t leave a black mark on the management process or reputation; quite the opposite. It helps to mitigate risk.

However, insider threats cannot be mitigated solely through technology solutions. There is no silver bullet; hope is not a strategy, and nor is a great recruitment process.

But you can reduce some risk… you can gain insight on why insiders pose so much risk to your business and what you can do to understand, own and mitigate that.

Instead of assuming that it won’t happen… become familiar with some of the deadly assumptions that make insider threat a reality.

When We Understand, We Can Predict & Minimise

How resilient is your business, given that it is managed by people? Would you know which of your employees may pose a threat to your organisation or its assets, through either a malicious or an unintentional action?

The risk of suffering damage from trusted employees and business partners is certainly not a new phenomenon. While most stories revolve around events affecting individuals, there has also been a fair share of threats from individuals that can affect an entire organisation.

Reducing risk requires shaping people’s behaviour. When we understand that “the human nature is dynamic, unexpected and, in most cases, unpredicted, but can be manipulated and shaped with appropriate skills and tools”, then we can minimise the risk of a threat.

The simple idea behind reducing threats is to identify and flag early indicators of compromise to avoid growing risk impact.

Ask yourself what can go wrong and what price you’re willing to pay for not stopping that threat before it grows into a RISK?

But I am here to tell you that you should never ASSUME!

Boaz Fischer is Australia’s Trusted Authority On Insider Risk Management. A cyber security expert par excellence, Boaz is the owner of five companies and a consultant for the Australian government. He’s made it his mission to help businesses understand the risks their companies face from insiders.

As far as cybercrime and cyber security are concerned, insider threats are the elephant in the room. It's a subject that is often regarded as "taboo" and one that the experts would rather not discuss, in part because companies don't want to consider the idea that parties within their organisations could be causing harm.

This level of ignorance isn't limited to run-of-the-mill businesses, either. Tech giants, critical infrastructure organisations and even government agencies are woefully naïve regarding this potential threat. To complicate matters, while "insider threats" sound like a simplistic problem that should have a simplistic solution, nothing could be further from the truth.

Understanding that you face a threat from your employees can be difficult to take, but it doesn’t mean that you shouldn’t trust them. After all, you can’t sack everyone, and you certainly can’t do business without them. What you can do is understand the risks, how they present themselves and what you can do about them.

