
Combating The Insider Threat Supply Chain Trust

In today’s business landscape, organisations often rely on suppliers such as technology vendors, business partner resources, suppliers of raw materials, shared public infrastructure, and other public services. These “outside” entities are all examples of the supply chain, which is a type of trusted business partner (TBP). However, these outside entities can pose significant security risks.

Example – Target

The infamous Target hack back in November 2013 was traced back to network credentials that were stolen from a third-party vendor. The vendor in question was a refrigeration, heating and air conditioning subcontractor that had worked at several Target locations and for other top retailers.

It wasn’t clear why Target would have given an HVAC company external network access, or why that access would not be cordoned off from Target’s payment system network.

The result was the data leakage of personally identifiable information of over 100 million individuals.


So, what is a supply chain attack?

A supply chain attack, also called a “value-chain” or “third-party” attack, occurs when someone infiltrates an organisation’s systems through an outside partner or provider that has access to the victim’s systems and data.

The risks associated with a supply chain attack have never been higher, due to increased cooperation and partnership between organisations.

The use of trusted business partners is common today. Organisations outsource primarily to cut costs. But today, it is not only about cutting cost but also about reaping the benefits of strategic outsourcing such as accessing skilled expertise, reducing overhead, flexible staffing, and increasing efficiency, reducing turnaround time and eventually generating more profit.

Meanwhile, attackers have more resources and tools at their disposal than ever before, and they target the smaller, less security-capable organisation as the path to the bigger prize.

As the saying goes: “why try to break the front door when you can come around the back?”

A survey conducted in late 2018 by the Ponemon Institute found that 56% of organisations have had a breach that was caused by one of their trusted business partners.

The Ponemon Institute went on to say that misuse or unauthorised sharing of confidential data by third parties was the second-biggest security worry for 2019 among IT professionals.

Here are two questions for you:

  1. How many of you consider the risks when the supplier relationship is terminated? And
  2. Do you include adequate details for managing the tricky process of vendor termination?

Other risks to consider

  • Risks in hardware and software supply chain – Almost every company uses outside software and hardware. Each purchased device, each downloaded application needs to be vetted and monitored for potential security risks, and all patches have to be up to date.
  • Risks in using cloud providers – Your business applications and data are housed at a trusted cloud provider’s site over which you have no control, and you may not even know who has access to it.
  • Risks from professional services – Just because services are provided by trusted business partners, it doesn’t mean they are immune to the same problems that you may be experiencing. They too could be impacted by an insider incident.


Highly recommended practices to adopt

The list below outlines several best practices that are available to assist you with mitigating insider threat risk within the supply chain.

  • Acknowledge that supply chain trust risks exist. Identify each supplier’s scope of activities and where they fit into your organisation’s supply chain.
  • Define and document the rules of engagement. Define the terms and conditions, ensuring that these rules are integrated into the contract between the supplier and your business.
  • Deploy a monitoring strategy. Never assume that the trusted business partners are doing the right thing by you. Trust and verify. Monitor their actions and identify anomalies and deviations.
  • Form effective partnerships by having clear communications that are supported at all levels of your organisation.
  • Background screening. Don’t rely on the trusted business partner to screen their people. Do your own investigation to mitigate insider threat risks adequately.
  • Develop a formal onboarding process to help your business set up a coherent, trustworthy and communicative relationship. That includes inducting the TBP into the organisation policies and procedures.
  • Develop an intellectual property (IP) ownership policy. Define your organisation’s ownership rights over IP created during the engagement.
  • Ensure an acceptable use policy that informs the TBP of the permitted use of the organisation’s assets.
  • Reporting of a policy violation by the TBP. Any violation by the TBP must be reported through a defined process.


How can we help you?

If you fear that some of your trusted business partners may be taking advantage of your business or maybe placing your organisation at risk by performing unwarranted actions, then we can uncover the risks and security blind spots in how your trusted business partners interact with your organisation through an insider risk assessment.

The insider risk assessment is your first step in gaining control and certainty about the potential risks from trusted business partners.

Within 30 days, we will be able to provide you with a report on your organisation’s risks and elevate your highest-risk users for inspection.

  • Simple deployment of a collector on endpoints of your choosing
  • For 30 days we will monitor your endpoints, collect user activity data and analyse it
  • Threat report – We will review the findings and alerts and compile an executive summary & detailed report that highlights the biggest risks on your organisation

How to get started? Get A Threat Assessment HERE or contact us

sales@nakedinsider.com


Contact Us

For more information, you can also send us an email at sales@nakedinsider.com or give us a call on +61 26282-5554.


Mitigating Insider Threats From Trusted Business Partners

“All lasting businesses are built on friendship and trust.”

Let me start by defining what a trusted business partner is: any external organisation or individual that has contracted to perform services for the organisation.

In most cases, the nature of these services requires the organisation to provide the trusted business partner with authorised access to proprietary data, critical files and/or internal infrastructure.

For example, if an organisation contracts with a company to perform payroll services, it would have to provide access to its HR data, thereby establishing trusted business relationships.

It is also worth realising that trusted business partners include individual consultants, temporary employees and contractors, including any former employee of the organisation who is then hired as a consultant or contractor.

This is why it is essential to realise the potential insider threat risk posed by these contractors. But what could go wrong? Here is an example…

MyPayrollHR, a now-defunct cloud-based payroll processing firm based in upstate New York, abruptly ceased operations in September 2019, after cheating employees at thousands of companies. It is alleged that the CEO was involved in wrongdoing and misconduct, resulting in countless people having money drained from their bank accounts and leaving nearly $35 million worth of payroll and tax payments in legal limbo.

The use of trusted business partners is common today. Organisations outsource primarily to cut costs. But today, it is not only about cutting cost but also about reaping the benefits of strategic outsourcing such as accessing skilled expertise, reducing overhead, flexible staffing, and increasing efficiency, reducing turnaround time and eventually generating more profit.

All industry sectors have consistently experienced insider incidents committed by trusted business partners – any individuals an organisation has contracted to perform a service. As indicated in the figure below, the percentage of insider incidents perpetrated by trusted business partners has typically ranged between 15% and 25% across all insider incident types and industry sectors according to the insider threat division of CERT.

Breakdown of insider incidents committed by trusted business partners, by industry sector

  • Finance and Insurance: 38%
  • Federal Government: 31%
  • Entertainment: 30%
  • Information Technology: 22%
  • Health Care: 18%
  • State and Local Government: 16%

It is essential to realise that trusted business partners have the same access to your critical assets as employees and, in turn, have misused that access to harm victim organisations in the past.

The following breakdown details the different types of insider threats committed by trusted business partners.

Insider Sabotage. This crime is committed by a privileged technical user who seeks revenge for adverse work-related events either with the company that has hired him/her or with the contract organisation.

Example

A contractor was employed as a programmer and Unix engineer by Fannie Mae. The organisation notified the insider that his contract would be terminated because of a script error he had made. The insider, who was permitted to finish out his day at work, planted a logic bomb in a script that would have deleted the root passwords for 5,000 of the organisation’s servers. Fortunately, Fannie Mae system administrators found the malware days after the contractor left.

Insider Theft. In this case, the trusted business partner has authorised access to organisation assets. The insider uses authorised access to steal these assets from their client.

Example:

In 2016, hackers stole sensitive data on the F-35 Joint Strike Fighter and other vehicles and munitions from a small Australian defence company with contracting links to national security projects.


Insider Fraud. Simply, you are at risk from fraud when you hire contractors for positions requiring access to personally identifiable information or financial information.

Example

A claims processor at a company contracted by an insurance company used authorised access to divert million dollars through falsified insurance claims to a personal address.

Recommendation and Mitigation

Who are your trusted business partners?

By now, you probably understand that you need to include trusted business partners as part of your countermeasures for insider threats.

The key question to ask: Who are your trusted business partners? And secondly, is there anyone else that you provide authorised access to your critical assets?

Recommendations

Here are some of the recommended mitigations that you should consider:

  • Create clear contractual agreements that explicitly state that trusted business partners are also responsible for protecting organisation assets. It should include restrictions on how they handle and share information.
  • Understand the policies and procedures of the trusted business partner. The trusted business partner should understand and follow your corporate policies and controls, and you should ensure that the trusted business partner’s own policies and procedures are at least as effective as your safeguards.
  • You should monitor actions performed by trusted business partners. You need assurance that access to and distribution of your data is monitored.
  • You should monitor, manage and maintain access rights. Trusted business partners should have the access necessary for their job and nothing beyond it.
  • Deactivate access following termination. You should perform a rigorous termination procedure.
  • Enforce separation of duties. Business processes should enforce separation of duties regardless of speed or priority required.
  • Manage and anticipate negative workplace issues coming from trusted business partners.

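The access-related recommendations above (“who are your trusted business partners?”, access not beyond the job, deactivate access following termination) can be turned into a periodic reconciliation of active third-party accounts against the contract roster. The following is an added example, not the article’s or any vendor’s code; the roster, the accounts, the per-role entitlement baselines and the review date are all constructed here for illustration.

```python
"""Reconcile active third-party accounts against the contract roster.

Added example, not the article's or any vendor's code. The roster, the
accounts, the role baselines and the review date are all constructed.
"""
from dataclasses import dataclass
from datetime import date


@dataclass(frozen=True)
class Engagement:
    person: str        # the individual at the trusted business partner
    partner: str       # the partner organisation
    role: str          # role the contract authorises
    end_date: date     # contract end, after which access must be removed


@dataclass(frozen=True)
class Account:
    username: str
    person: str
    entitlements: frozenset


@dataclass(frozen=True)
class Finding:
    username: str
    issue: str         # engagement-ended | excess-entitlements | no-engagement-on-record
    detail: str


# Assumed per-role baseline of what a partner in that role legitimately needs.
ROLE_ENTITLEMENTS = {
    "payroll-processor": frozenset({"hr-data-read", "payroll-app"}),
    "hvac-maintenance": frozenset({"building-mgmt-portal"}),
}

# Constructed contract roster: what procurement says is currently in force.
ROSTER = [
    Engagement("j.smith", "PayCo (constructed)", "payroll-processor", date(2020, 12, 31)),
    Engagement("b.lee", "CoolAir (constructed)", "hvac-maintenance", date(2020, 3, 31)),
]

# Constructed snapshot of active third-party accounts from the directory.
ACCOUNTS = [
    Account("payco-jsmith", "j.smith", frozenset({"hr-data-read", "payroll-app"})),
    Account("coolair-blee", "b.lee", frozenset({"building-mgmt-portal", "pos-network"})),
    Account("tmp-consultant7", "unknown", frozenset({"file-share-rw"})),
]

REVIEW_DATE = date(2020, 6, 1)   # constructed date the review is run


def review_access(accounts, roster, as_of):
    """Return findings for accounts that fail the termination, least-privilege
    or 'who are your partners' checks; an empty list means all accounts reconcile."""
    by_person = {e.person: e for e in roster}
    findings = []
    for acct in accounts:
        eng = by_person.get(acct.person)
        if eng is None:
            # Active account with no contract behind it: nobody owns this access.
            findings.append(Finding(acct.username, "no-engagement-on-record",
                                    "active account without a matching engagement"))
            continue
        if eng.end_date < as_of:
            # Contract has ended but the account is still active: deactivate it.
            findings.append(Finding(acct.username, "engagement-ended",
                                    f"{eng.partner} engagement ended {eng.end_date.isoformat()}"))
        allowed = ROLE_ENTITLEMENTS.get(eng.role, frozenset())
        excess = acct.entitlements - allowed
        if excess:
            # Access beyond what the role needs: trim it back to the baseline.
            findings.append(Finding(acct.username, "excess-entitlements",
                                    "beyond role baseline: " + ", ".join(sorted(excess))))
    return findings


def issues_for(findings, username):
    """Sorted list of issue names raised against one account."""
    return sorted(f.issue for f in findings if f.username == username)


if __name__ == "__main__":
    for f in review_access(ACCOUNTS, ROSTER, REVIEW_DATE):
        print(f"{f.username:18} {f.issue:24} {f.detail}")
```

Run on the constructed data, the payroll account reconciles cleanly, the HVAC account is flagged both because its engagement ended and because it holds a payment-network entitlement outside its role baseline, and the unowned consultant account is flagged for having no engagement on record.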
The insider threat landscape is continually evolving. The use of trusted business partners creates a more complex environment to ensure the confidentiality, integrity and availability of your assets.

It is therefore essential for you to understand that the use of trusted business partners is really an extension of your business, in the same manner as a tennis racket is an extension of one’s arm. The rules that you apply to your business need to be applied to the trusted business partner.

How can we help you?

If you fear that some of your trusted business partners may be taking advantage of your business or maybe placing your organisation at risk by performing unwarranted actions, then we can uncover the risks and security blind spots in how your trusted business partners interact with your organisation through an insider risk assessment.

The insider risk assessment is your first step in gaining control and certainty about the potential risks from trusted business partners.

Within 30 days, we will be able to provide you with a report on your organisation’s risks and elevate your highest-risk users for inspection.

  • Simple deployment of a collector on endpoints of your choosing
  • For 30 days we will monitor your endpoints, collect user activity data and analyse it
  • Threat report – We will review the findings and alerts and compile an executive summary & detailed report that highlights the biggest risks on your organisation

How to get started? Get A Threat Assessment HERE or contact us at sales@nakedinsider.com



Is Your Intellectual Property Moving To A Competitor?

“Maybe money can’t buy happiness, but it can buy you an advantage.”


An organisation with good security practices has a good chance of detecting and preventing an outsider (a non-employee) from gaining unauthorised access to company systems and data.

However, the thief who is harder to detect and who could cause the most damage is the insider: the employee with legitimate access, the trusted user. That insider may steal solely for personal gain, or may steal company information or products to benefit themselves, another organisation or another country.


Here are a couple of examples

  1. Cisco Systems Inc. sued three former senior employees whom it accused of stealing thousands of files containing confidential information when they defected to a competitor.
  • Months before, one of the former employees downloaded more than 3,000 internal documents containing trade secrets, including information about the company’s contributions to 5G technology and its design specification for a video-conferencing prototype.
  • Together with two other colleagues, they joined an unidentified company that competes in IP telephony, headsets, video and collaboration.
  2. Phillips 66 Research filed a complaint with the US Department of Justice; the value of the technology that was stolen was greater than $1 billion.
  • A former materials scientist for Phillips 66 Research said that he was returning to China for a few weeks to care for his parents.
  • FBI investigators allege that the former employee stole the documents to take with him to China, where he had lined up his next “opportunity.” According to the FBI, he was offered the position of Energy New Material Engineering Center Director in Xiamen, contingent upon his “guarantee that the information is provided and is of value.”
  • The ex-employee was arrested when a subsequent search of his residence uncovered a thumb drive containing the Phillips 66 files.

In the above two cases, both organisations failed to place appropriate protection for their critical assets against their insiders.

As we know, the impact of IP theft can be devastating. Imagine this: what would befall your organisation if a contractor whose contract ended took the source code of your key application with him, or a salesperson took your key strategic plans with them to start a new competing company? And worst of all, what if one of your employees gave your intellectual property to a foreign organisation or government? Once IP leaves your organisation, it is extremely difficult and often impossible to get it back.

For example, the cost of data theft and industrial espionage to the German companies is valued at $229.1 billion (€205.7 billion) over the past two years according to the Federation of German Industries.

How do we then define insider IP theft? According to the Insider Threat Division of CERT, insider theft of intellectual property is an insider’s use of IT to steal proprietary information from the organisation.

Intellectual Property: Intangible assets created and owned by an organisation that is critical to achieving its mission.

Types of IP stolen

  • Proprietary software/source code
  • Business plans, proposals, strategic plans
  • Customer information
  • Product information (designs, formulas, schematics)

What was the primary reason that insiders stole IP?

Very few insiders steal intellectual property to sell it. Instead, they steal it for business advantage – either to take it with them to a new job, to start their own competing business or to take it with them to a foreign government or organisation.

At the 2019 Black Hat USA conference, Gurucul found that 24% of respondents admitted that they would take company information to help them apply for a more senior role at a competitor. Further, 27% of those who said they look for another job while at work would also take company data to apply for another job.

Insiders have an advantage over external hackers/intruders. Insiders have authorised access to facilities and information. They have knowledge of the organisation systems and their processes and know the location of critical or valuable assets. Insiders know when and where to attack and how to cover their tracks.

Interestingly, 75% of insiders steal information to which they already have authorised access, and they usually steal it at work during business hours. What makes it extremely difficult for the victim organisation is detecting the theft as the information is being copied or removed from the organisation. In other words, the window of opportunity for detection can be quite small.


What can you do?

To prevent your intellectual property from walking out the door, consider the following set of recommendations.

  • Review employment contracts.
    • Employees do bring information with them, possibly including competitive or stolen data from their previous employer. Be aware that your organisation may be liable for that theft. As part of the IP agreement that you make new employees sign, include a statement attesting that they have not brought in any IP from a previous employer.
    • It is inevitable that many of your employees will move to other businesses at some point in time. As soon as a person tenders their resignation, you need to be prepared to act. Identify what information they are accessing. Identify movement of that information 30 days prior to resignation and 30 days post-resignation.
    • Establish consistent exit procedures, which should include: access termination procedures; asking departing employees to sign a new IP agreement reminding them of the contents of the original IP agreement as they walk out the door; and reviewing your termination policies and processes.
  • Periodically review and adjust your access controls. Many insiders, at the time of stealing information, had access above and beyond what their job description required.
  • Monitor anomalous user activity.
    • Monitor online and social media activity. These sites allow employees to easily share information about themselves as well as organisation details. Establish a social media policy that defines the acceptable use of social media and the information that should not be discussed online.
    • Monitor data movement such as unusually large attachments, and the printing, copying or downloading of certain information.
    • Track all documents copied to removable media.
    • Prevent or detect emails to competitors.
    • Consider a targeted monitoring strategy for employees and contractors once they give notice of their exit.
    • Pay careful attention to the proper use of personal email.
  • Develop real-time alerting when a user has breached policy through online activities that place the organisation at risk.
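The 30-day pre- and post-resignation window and the data-movement indicators listed above (removable media, unusually large attachments, printing, email to competitors) combine naturally into one detection pass over activity logs. The following is an added example, not the article’s own code; the activity events, the resignation notice, the attachment-size threshold and the competitor domain list are all constructed here for illustration.

```python
"""Flag data movement inside the 30-day window around a resignation.

Added example, not the article's own code. The events, the resignation
notice, the size threshold and the competitor domain list are constructed.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import date

WINDOW_DAYS = 30                              # the article's 30 days before and after
LARGE_ATTACHMENT_BYTES = 10 * 1024 * 1024     # assumed threshold for "unusually large"
COMPETITOR_DOMAINS = {"rival-corp.example"}   # constructed, hypothetical list


@dataclass(frozen=True)
class Event:
    when: date
    user: str
    kind: str        # "email", "usb_copy", "print" or "download"
    detail: str      # recipient domain for email, otherwise the file name
    size: int = 0    # bytes moved (attachment or file size)


# Constructed: alice tendered her resignation on 10 March 2020.
RESIGNATIONS = {"alice": date(2020, 3, 10)}

# Constructed activity log covering several users and dates.
SAMPLE_EVENTS = [
    Event(date(2020, 1, 5), "alice", "download", "q1-plan.docx", 200_000),         # outside window
    Event(date(2020, 2, 20), "alice", "usb_copy", "product-src.zip", 50_000_000),
    Event(date(2020, 3, 1), "alice", "email", "rival-corp.example", 12 * 1024 * 1024),
    Event(date(2020, 3, 12), "alice", "email", "corp.example", 1_000),              # routine
    Event(date(2020, 4, 5), "alice", "print", "customer-list.pdf"),
    Event(date(2020, 3, 2), "bob", "usb_copy", "holiday-photos.zip", 90_000_000),   # no notice given
]


def in_window(when, resigned, days=WINDOW_DAYS):
    """True if the event falls within +/- days of the resignation date."""
    return abs((when - resigned).days) <= days


def reasons_for(ev):
    """Map an event to the article's indicators; an empty list means routine."""
    reasons = []
    if ev.kind == "usb_copy":
        reasons.append("copied to removable media")
    if ev.kind == "print":
        reasons.append("printed document")
    if ev.kind == "email" and ev.detail in COMPETITOR_DOMAINS:
        reasons.append("email to competitor domain")
    if ev.kind in ("email", "download") and ev.size >= LARGE_ATTACHMENT_BYTES:
        reasons.append("unusually large transfer")
    return reasons


def flag_resignation_window(events, resignations):
    """Return {user: [(date, phase, kind, detail, reasons), ...]} for users who
    have given notice, limited to indicator events inside the 30-day window."""
    findings = defaultdict(list)
    for ev in events:
        resigned = resignations.get(ev.user)
        if resigned is None or not in_window(ev.when, resigned):
            continue          # not a leaver, or outside the window of interest
        reasons = reasons_for(ev)
        if reasons:
            phase = "pre-resignation" if ev.when < resigned else "post-resignation"
            findings[ev.user].append((ev.when, phase, ev.kind, ev.detail, reasons))
    return {user: sorted(items) for user, items in findings.items()}


if __name__ == "__main__":
    for user, items in flag_resignation_window(SAMPLE_EVENTS, RESIGNATIONS).items():
        for when, phase, kind, detail, reasons in items:
            print(f"{user} {when} {phase:16} {kind:9} {detail:22} {'; '.join(reasons)}")
```

On the constructed log only alice’s three indicator events inside her window are reported; her routine internal email and her download from two months earlier are skipped, and bob’s copy is ignored because he has not given notice.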


How can we help you?

If you want to develop insider threat resiliency practices specifically addressing IP theft prevention, reach out to us.




Mitigating The Accidental Data Leak

“Data by itself never walks out of the door!”


Are you guilty of accidentally hitting the “send” button to the wrong person in an email, or attaching the incorrect document? Don’t worry, you are not alone. We have all done it. We are ALL human. We make mistakes; that’s part of our DNA.

Real case scenario

A script from Star Wars: The Rise of Skywalker was nearly leaked after a clumsy actor left it in their hotel room and it was listed on eBay.

The script was discovered by a cleaner and was then “given to someone else”, who then went to sell it, according to Disney. Luckily an employee saw it on eBay and bought it.

Not surprisingly, Disney, notorious for its airtight, spoiler-proof security measures, was not pleased with John Boyega’s gaffe. Earlier this week, J.J. Abrams explained that the studio giant had distributed only “a handful of scripts, and they were printed on crazy, uncopyable paper.” But it took only one human error for the coveted property, valued at about $84, to end up on an auction site.

Human behaviour offers many opportunities for mistakes to be made, especially by those rushing to complete multiple tasks in high-stress environments.

Beyond mistakes, high levels of stress in the workplace will either create an ‘overwhelm’ that puts trusted assets into vulnerable states, or lead those people to develop negligent behaviour.

The drive for productivity comes at a cost to efficiency, accuracy and security. When employees are rushed, they will make more mistakes, feel as if their concerns are not being considered, and potentially develop a negative attitude towards management.

Mistakes can be unintentional: anything from ignoring an essential security control, to speaking one’s mind before understanding the repercussions, to accidentally sharing or leaking sensitive corporate information.

So where does the responsibility lie to ensure organisation information is kept protected?

A study conducted by Gemalto in 2017, the Breach Level Index, revealed that 76% of all breaches occurred because of employee error. The worst part is that they could have been easily prevented.

For organisations to limit the number of insider data breaches, it’s crucial for employees to understand the role they play in keeping the company’s data secure.

Yet it is essential to realise that it isn’t practical for most organisations to implement 100% protection against every threat to their assets.

That’s why organisations need to adopt the following intention – Employees are the first line of defence!

Gone are the days when security was the sole responsibility of the corporate IT/security department.

Today, businesses need to consider threats from insiders, whether malicious or accidental, from an “enterprise-wide” perspective. Organisations need to develop a comprehensive risk-based security strategy to protect critical assets against threats from inside and outside, as well as from trusted business partners.

Training employees to be the first line of defence doesn’t mean that being security-minded in their online activities is sufficient. Organisations need to think and act beyond that.

What can you do?

Organisations must understand the psychology of their workforce and the demand placed upon them by the leadership. Once these are understood, it’s the responsibility of the organisation to create a work environment conducive to positive outcomes.

To reduce the likelihood of unintentional mistakes taking place, organisations may want to consider the following measures:

  1. Means by which employee stress levels can be reduced.
    • Helping employees focus on achieving outcomes and mission-oriented objectives rather than activities.
    • Getting the organisation to focus on people-oriented rather than project-oriented management.
    • Reviewing corporate policies and procedures so that they make the employee’s job easier while making it difficult for them to do something wrong.
    • Allowing time in the work schedule to focus on tasks.
  2. Awareness training that leads to responsible actions. While there is an evident and urgent need for better employee security awareness education, business leaders need to do more to give employees the ability and capability to be responsible for their actions.
    • Cyber awareness training that moves people from being aware of cyber threats to becoming cyber responsible: getting insiders to act in the best interest of the organisation.
    • Insider threat awareness training that makes employees aware of their responsibilities to protect an organisation’s critical assets (facilities, people, technology, information). For example:
      • Understanding that employees can be targeted by a malicious individual as well as by external adversaries.
      • The ability to understand the consequences of being a malicious or unintentional insider.
      • Recognising how an employee can become an unintentional insider threat.
      • The ability to report behaviours not consistent with the organisation’s acceptable behaviour.
  3. Hire new candidates whose values align with the organisation’s values. Establishing and maintaining a “keen and happy” workforce will reduce the likelihood of unintentional incidents taking place.
    • Begin with hiring the right staff. Congruence of values between employees and the organisation promotes a strong culture. A high level of congruence shows that “people care”, and such people are less likely to cause an accidental incident.
    • However, if an employee’s values become misaligned with the organisation’s values, the person should be respectfully but expeditiously ushered out of the organisation.
  4. Seek to build a positive culture. The most powerful mitigating factor is a well-cultivated culture of peer networks that both support individuals and create expectations of excellence.
    • Focus on collaboration. A positive culture facilitates social interaction, teamwork and open communication. This collaboration can lead to some fantastic results.
    • Focus on job satisfaction. Employers who invest in the well-being of their employees will be rewarded with happy and dedicated employees.
    • Focus on employee wellness. Employees need to feel their best, physically, mentally and emotionally, to contribute to a positive culture.
    • Focus on the organisation’s “meaning”. Meaning and purpose are more important in the workplace now than ever. A majority of employees crave meaning and purpose in their work. It provides them with a reason for their contribution to the greater good of the organisation.
    • Encourage positivity. To build a positive culture, employers need to start by encouraging positivity in the workplace. Employees are much more likely to engage in positive behaviour when they see their employers doing so.
    • Foster social connections. Workplace relationships are an essential element of a positive company culture. When employees regularly interact with one another, they build a high level of trust.
    • Foster a culture of “champions”: those employees who embody the values and mission of the organisation. They are excited to promote the company’s aspirations and encourage others to do the same. Identify these employees and encourage them to keep spreading the cheer.

How can we help you?

If you are experiencing accidental data leaks or unintentional actions that have placed your business at risk, then we can certainly help you to sort that out quickly.

To help you identify why your employees are placing your business unintentionally at risk, we need to identify your current “Employee Trust Engagement” level of maturity. It’s a simple assessment that looks at various areas such as trust, communication, culture, organisation support, job engagement and peer connectivity.

Through a multiple-choice questionnaire, we are able to understand very quickly where your employee trust engagement maturity sits. We are then able to provide you with the right set of recommendations that will help you engender a positive organisation culture.

Interested in conducting an employee trust engagement assessment? Then reach us at sales@nakedinsider.com or https://www.nakedinsider.com/contact-us



What Is The Difference Between Data Loss Vs Data Leak Vs Data Exfiltration?

We talk about data loss, data leakage and data exfiltration as if they were one and the same thing. But, in fact, they are very different, and what makes the difference is “intention”.

“Intention” is often defined as the purpose, aim, goal or objective to commit in carrying out action or actions in the future. It involves mental activities such as planning, rehearsal and forethought.

The difference between malicious and unintentional insider incidents is that in the former there is “intent” to commit a malicious act, whereas in the latter there is no “intent”.

Data Loss

Data loss is the result of data being unintentionally or accidentally misplaced so that it is no longer accessible. Simply put, it is lost.

Here are some examples.

  • One of the easiest ways to suffer data loss is by accidentally deleting the files without having any available backup.
  • The computer disk drives may be physically damaged. They eventually break down over time.
  • Power failures can ruin the effort and the time that you spent developing articles that were unfortunately not saved.
  • Water and fire damage on your expensive computers will definitely affect the electronics as well as the hard drive.

We often lose data simply because we haven’t got a proper workflow or procedure for data restoration.

Data Leakage

Data leakage is the result of the unauthorised and unintentional transmission of data from within an organisation to an outside party. Be aware that data can be transferred electronically or physically.

Here are some examples.

  • Someone taking a report home and accidentally leaving it on the bus/taxi/train/plane. The leak occurs if someone else takes that report.
  • Sending an email with corporate information to the wrong recipient.
  • Posting sensitive corporate information onto social media or a public website with little security, allowing untrusted and unauthorised people to access the information.
  • Uploading work documents to unauthorised cloud storage to be able to access work from home.
  • Unauthorised removal of physical equipment such as tapes, disks or machines so that they can be worked on by a third party. How often have you seen a second-hand disk drive with someone else’s content still on it?
  • Storing sensitive information or programs on personal laptops so as to have full control over it.

Data Exfiltration

Data exfiltration is the result of the unauthorised but intentional copying, transfer or retrieval of data from within the organisation and taking it out. It is often referred to as “data theft”.

Data exfiltration is primarily a “data breach” in which organisation data is illegally stolen. The reason insiders steal it is usually business advantage: they either take it with them to a new job, use it to start a new competing business, or take it to a foreign government or organisation.

Note that, according to the Insider Threat Division of CERT, nearly 75% of all data theft was carried out by insiders who had authorised access to the information.

What Can You Do Moving Forwards?

As the saying goes, data does not leave the organisation by itself. It is essential that your organisation understands its information assets. Before you can move forward with a protection strategy, you need to answer the following key questions.

  • What types of data are processed? Is it medical information, personally identifiable information, credit card numbers, inventory records, etc.?
  • What kind of devices process this data? Is it servers, workstations, laptops, mobile devices, etc.?
  • Where is the data stored, processed and transmitted? Single location, multiple locations, foreign countries?
  • How is this data being moved or transmitted? Does it involve only corporate channels or can it be moved using non-corporate channels like USBs, personal emails and cloud storage?
  • What are the critical processes and systems that support the data?
  • And who has access to these information assets?

Answering these questions will help your organisation inventory its data and, importantly, develop the appropriate mitigation strategy, whether for data loss, data leakage or data exfiltration.
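
As an added example (not code from the original article or from Naked Insider), the following Python takes the first three questions literally and builds a small inventory: it scans a set of constructed sample files for credit card numbers, email addresses and medical terminology and records which data types are found in which locations. Card candidates are checked with the Luhn checksum, which is what keeps an order reference that merely looks like a card number out of the inventory. The patterns, the three-word medical dictionary and the file paths are illustrative assumptions; a real scan would walk file shares, mailboxes, endpoints and cloud storage, and would use a far larger lexicon.

```python
import re

# --- Added example: a minimal sensitive-data inventory scan -------------------
# Not code from the original article.  Patterns, keywords and sample files are
# assumptions made for illustration only.

# Loose candidate pattern for card numbers: 13-19 digits, optionally separated
# by spaces or dashes.  Candidates are confirmed with the Luhn checksum below.
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")
EMAIL_RE = re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b")
# Tiny dictionary standing in for a medical-terms lexicon (assumption).
MEDICAL_KEYWORDS = ("diagnosis", "prescription", "patient")


def luhn_ok(digits: str) -> bool:
    """Return True if the digit string passes the Luhn checksum used by card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def classify(text: str) -> dict:
    """Count occurrences of each sensitive data type in one document."""
    counts = {}
    cards = [m.group() for m in CARD_RE.finditer(text)]
    # Strip separators and keep only Luhn-valid candidates to cut false positives.
    n_cards = sum(1 for c in cards if luhn_ok(re.sub(r"[ -]", "", c)))
    if n_cards:
        counts["credit_card"] = n_cards
    n_email = len(EMAIL_RE.findall(text))
    if n_email:
        counts["email"] = n_email
    lowered = text.lower()
    n_medical = sum(lowered.count(kw) for kw in MEDICAL_KEYWORDS)
    if n_medical:
        counts["medical"] = n_medical
    return counts


def build_inventory(files: dict) -> dict:
    """Map each path holding sensitive data to the data types found in it."""
    inventory = {}
    for path, text in files.items():
        found = classify(text)
        if found:
            inventory[path] = found
    return inventory


def locations_of(inventory: dict, data_type: str) -> list:
    """Answer 'where is this data stored?' for one data type."""
    return sorted(path for path, found in inventory.items() if data_type in found)


# Constructed sample files (paths and contents are made up for this example).
SAMPLE_FILES = {
    "finance/refunds.csv": "customer,card,amount\nA. Smith,4111 1111 1111 1111,120.00\n",
    # 16-digit order reference: matches the regex but fails Luhn, so it is ignored.
    "ops/inventory.csv": "sku,order_ref,qty\nX1,1234 5678 9012 3456,40\n",
    "hr/clinic-notes.txt": "Patient: J. Doe\nDiagnosis: hypertension\nContact: jane.doe@example.com\n",
    "marketing/readme.txt": "Nothing sensitive here.\n",
}

if __name__ == "__main__":
    inv = build_inventory(SAMPLE_FILES)
    for path, found in inv.items():
        print(path, found)
    print("card data lives in:", locations_of(inv, "credit_card"))
```

It answers the “what” and “where” questions; the “who has access” question needs the ACLs or sharing settings of each location joined to this output, which the example does not cover.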

How Can We Help You?

One of the best ways for your organisation to know its assets and protect them effectively from insider attacks is to conduct a data risk assessment. The purpose of the assessment is to provide you with two key deliverables:

  1. Who, right now, is placing your organisation at risk? Who, right now, may be putting your organisation out of compliance? Is that the result of data leakage or data exfiltration?
  2. What types of critical data does your business process? Who has access to them, and where are they stored? Is the data walking out the door without your knowledge?

Interested in gaining visibility? Reach us by leaving your details here: https://www.nakedinsider.com/contact-us

Take The Challenge

How resilient is your business to insider threat harm? Would you be interested in finding out how you compare with your industry peers? Would you be surprised to know that most organisations that have taken this assessment are somewhat vulnerable? To find out more: https://www.nakedinsider.com/contact-us

 

Contact Us

For more information, you can also email us at sales@nakedinsider.com or call us on +61 2 6282 5554.


Could This happen To You – Insider Breach?

They say that “for every action, there is an equal and opposite reaction”. So what does it take for a business to act on the indications that it could suffer the same fate as Landmark White?

Now, if you haven’t come across the story of what transpired to Landmark White, here is a snapshot:

A Sydney IT contractor has been arrested over a data breach at Landmark White, a property valuation firm. The breach allegedly affected more than 275,000 people, cost the organisation more than $8 million and resulted in troves of personal information being uploaded to the dark web.

The contractor allegedly accessed and published more than 170,000 data sets, including names, addresses, contact numbers, property valuations and driver's licences, between September 2017 and May 2019.

The contractor was arrested following the high-profile cyberattacks targeting Landmark White, a property firm he had worked with for 12 years.

During 2019 Landmark White suffered from two major data breaches.

The first data breach saw approximately 137,500 unique records and approximately 1,680 supporting documents posted to the dark web, and hurt the company's revenue by up to $7 million.

Landmark White was placed into a temporary trading suspension on the Australian Securities Exchange (ASX) in early June 2019 after the company was hit with a second data breach. That breach saw company documents posted to the US file-sharing platform Scribd on Wednesday 29 May 2019.

After the second data breach Commonwealth Bank (ASX: CBA), ANZ (ASX: ANZ), National Australia Bank (ASX: NAB), Bankwest, Bendigo & Adelaide Bank (ASX: BEN), Suncorp (ASX: SUN), HSBC, and Latrobe all suspended LMW as a property valuer.

What was the ultimate impact to Landmark White (LMW)?

  • The 2019 financial year was rough for LMW, with the company posting a loss of $15.1 million
  • Chris Coonan, the CEO of LMW, departed
  • Frank Hardiman (CFO) and co-founder Glen White stood down
  • LMW entered a lengthy trading halt while it assessed the impact of the data breach
  • Several of the biggest banks stopped using LMW as a valuer

 

If one lesson is becoming increasingly clear, it is that insider threat is no longer a security buzzword. The Landmark White incident demonstrates that insider attacks on private businesses can have significant consequences for an organisation's customers, employees, operations, reputation and bottom line.

Insider threat is real. It is an enterprise-level concern that demands executive attention.

The traditional approach of mitigating insider threats purely through hardware and software technology does not work, because you are dealing with people. There is no “silver bullet” for stopping insider threats. Insiders go to work every day and pass through both physical and digital security measures. They have legitimate, authorised access to your most confidential and valuable information and systems, and they can use that legitimate access to perform malicious activity. They can also cause harm unintentionally.

What Can You Do?

Insider threats are an intriguing and complex problem, and among the most significant threats your organisation faces every day. To address them, I recommend that your organisation consider policies, procedures, technologies and, importantly, the shaping of positive behaviours, to mitigate threats in all areas of the organisation.

Download the insider threat book “Protecting Your Business From Insider Threats In 7 Effective Steps”.

How Can We Help You?

On a scale from 1 to 10, how concerned are you that there might be a malicious actor within your organisation whom you cannot identify?

On a scale from 1 to 10, how concerned are you that an insider might be unintentionally placing your organisation at risk without your knowing who it is?

If your total score is less than 15, then contact us urgently to schedule a free consultation: sales@nakedinsider.com or +61 2 6282 5554, or register your details here: https://www.nakedinsider.com/contact-us


Did You Know That All data Theft Is An Insider Job?

They say that “Data never leaves the organisation by itself”.

What if one of your salespeople or business people took your strategic plans with them to join a competitor? Or what about the new employee who joined your business bringing a whole heap of customer relationship material from their previous employer?

By and large, we define corporate data theft as current or former employees, contractors or business partners stealing confidential or proprietary information from the organisation and using it to get another job, help a new employer or promote their own side business.

Here are a few examples

  • Sage – an employee of the UK-based accounting software company used unauthorised access to steal private information on 280 of its business customers;
  • KB Kookmin Bank, Lotte Card and Nonghyup Bank – a worker who had access to various databases at the firms secretly copied the personal data of 20 million South Koreans onto an external drive over the course of a year and a half;
  • Boeing – an employee managed to steal hundreds of boxes of documents relating to military and space programs between 1979 and 2006;
  • NSA – a former NSA contractor stole troves of classified information over the course of two decades;
  • Tesla – a former employee copied more than 300,000 files related to Autopilot source code as he prepared to join China's Xiaopeng Motors Technology Company.

Here is the revelation: data theft is always an insider job. How can that be, I hear you ask? Here are the ways data leaves the organisation.

  • The Compromised Insiders are the ones you are most familiar with: employees whose computers have been infected with malware, typically through phishing scams or by clicking links that trigger surreptitious malware downloads. The computers of compromised insiders can then be used to exfiltrate data.
  • The Dissatisfied Insiders are employees who are disgruntled and aggrieved because the organisation denied them a request, whether a pay rise, more responsibility or a new position within the firm. This reduces their desire to contribute to the organisation, and their sense of loyalty diminishes. Dissatisfaction often spurs the person to look for another job, and once the insider receives an offer from a competing firm, their desire to steal information is amplified by their dissatisfaction with the current employer;
  • The Entitled Insiders are those who believe they are entitled to the information and therefore have the right to take it with them. This sense of entitlement can be particularly strong if the insider perceives their role in developing a product as especially important, and the longer they have worked on it, the stronger the sense of entitlement grows;
  • The Ambitious Insiders are employees who recruit other insiders to steal information, essentially forming an “insider ring”. Not content with stealing a few documents, they want the entire program or product line, and need a more complex scheme to get it;
  • The Coerced/Colluding Insiders are employees who are either coerced by, or collude with, an external party: outsiders recruit insiders to commit the theft;
  • The Careless Insiders are employees who do not follow proper IT procedures and accidentally release corporate information to the public (posting sensitive data online with no access controls, emailing sensitive data to the wrong recipient, leaving a USB stick or other portable device in a public place);
  • The Arriving or Departing Employees are those who either bring information with them from a previous employer or take information to their new job;
  • The Trusted Business Entities are organisations such as partners, vendors and contractors that have access to the organisation's critical assets. The same patterns described above apply to them: they too can be compromised, coerced or careless, or feel entitled to take information with them when they leave.

Here is the challenge

You generally cannot detect data theft until it is in progress: as the data is being copied to removable media or emailed outside the network. In other words, your window of opportunity is quite small, so you need to pay close attention when you see indicators of heightened insider-theft risk.

What Can You Do?

Here are some recommended steps to minimise the potential for data loss, whether unintentional or theft.

  • Identify all the critical assets your organisation has;
  • Restrict access to your critical assets to those who need it, and continuously review and adjust those access controls;
  • Pay careful attention to employees' behavioural precursors;
  • Develop an IP agreement with all employees and trusted business partners that makes ownership of the assets clear;
  • Ensure employees and trusted business partners follow corporate policies and procedures;
  • Consider who within your organisation genuinely needs to use removable media;
  • Pay close attention around resignation (30 days before and 30 days after);
  • Monitor user activity, and monitor for system and data anomalies.

How Can We Help You?

On a scale from 1 to 10, how aware are you of all the critical assets within your organisation and who has access to them? Are you concerned that someone is exfiltrating your critical information? Are you interested in identifying the vulnerabilities that put your information assets and business continuity at risk? If so, register your details here and someone from the Naked Insider Group will contact you.

Contact Us

For more information, email us at sales@nakedinsider.com or call us on +61 2 6282 5554.


Who Is An Insider And Why It matters To You?

Ask most businesses to name the biggest security threats to their organisation and they will probably reel off a list of external sources: hackers, malware, ransomware, social engineering, phishing, denial-of-service attacks and more.

Yet, more often than not, the greatest risk to an organisation comes from within. The disgruntled employee, the rogue user, the financially motivated staff member, or even the well-meaning person who accidentally discloses sensitive information, can have a severe impact on the organisation.

Insider threats are an intriguing and complex problem. Some argue they are the most difficult security problem to deal with, because the “insider” has the information, knowledge, capabilities and trust to easily evade the organisation's security policies, procedures and other controls.

The important thing to remember is that not all insider incidents are alike; each is unique to its organisation. However, there are distinct similarities and common properties across the individuals involved.

Who is an Insider?

  • An insider is anyone, whether an employee, a past employee, a contractor, a vendor, a partner or even a family member, who has or had access to the organisation's assets;
  • An insider is someone who is either fully or partially trusted;
  • An insider is someone who is or was a system user;
  • An insider is someone who has or had certain privileges;
  • An insider is someone who has some degree of access to specific assets (a degree of “insiderness”);
  • An insider is someone who has knowledge, skills and capabilities;
  • An insider is someone who has the motivation and intent to act to achieve their goals;
  • An insider is someone who has a reasonable understanding of the organisation's underlying information technology platforms;
  • An insider is someone who has control over some of the assets they work with;
  • An insider is someone who possesses the power to act as an agent of the organisation.

The Threat

According to the Insider Threat Division of CERT, an insider who harms the organisation, whether intentionally or unintentionally, has the following characteristics:

  • Has or had authorised access to the organisation's network, systems or data; and
  • Either (malicious) intentionally exceeded or misused that access, or (unintentional) acted or failed to act without malicious intent;
  • In a manner that negatively affected the confidentiality, integrity or availability of the organisation's assets.

Why is it that important for you?

The impact of an insider incident can be multi-faceted: financial loss, operational disruption, reputational harm, loss of confidential or proprietary information, loss of customers and clients, loss of employee morale, long-term damage to the organisation's culture, and potentially even a threat to lives or to the survival of the company.

Whatever the motivation, and even an innocent act, can therefore have a devastating effect on the organisation.

What is the ultimate objective of the insider threat mitigation program?

The goal of the insider threat mitigation program is to avoid catastrophic consequences regardless of motivation.

What Can You Do Moving Forwards?

Insiders will act unexpectedly, and that is something you cannot fully control. Every person within the organisation is unique in their beliefs, values, goals, thinking and disposition.

The unpredictability of human behaviour has implications for organisational trust. Think about it this way: most people are not entirely logical or consistent in their behaviour. As a result, a strong security posture is not achieved by deploying the typical technology controls alone.

Be aware that security is context-dependent. Motivation and intent are clearly important in defining insiders. While intent (the purpose of actions) is at least partially observable, motivation (the stimulation to act) is not.

Developing effective strategies to mitigate insider threats requires a two-pronged approach:

  1. Security controls and policies that are able to prevent, detect, deter, disrupt and respond to insider threats.
  2. Employee engagement programs so that insiders are “shaped” to act in the best interest of the organisation.

How Can We Help You?

Interested in identifying strategies to increase your organisation's ability to prevent, detect, deter, disrupt and respond to insider threats? Get in touch with Naked Insider on +61 2 6282 5554, or fill out the form on the Naked Insider website: https://www.nakedinsider.com/contact-us

In addition, download the free Naked Insider insider threat book “Protecting Your Business From Insider Threats In 7 Effective Steps”.



Why Data Loss Prevention Tools Are Failing To Stop Insider Theft

On the 25th of June, McAfee, one of the biggest security software companies in the world, filed a lawsuit against a number of its former employees, accusing them of stealing trade secrets before starting new positions with Tanium, a competitor.

To carry out the alleged theft, the employees did not use the sort of sophisticated technology you might expect. Instead, according to the lawsuit, confidential company information was moved to unauthorised USB devices and sent through private email addresses.

Ironically, a company that professes to be a leader in Data Loss Prevention solutions suffered this fate.

Let's first identify the objectives of Data Loss Prevention. The role of DLP technology is to identify, monitor and protect data in storage as well as in motion over the network. DLP systems enforce data-handling policies to prevent unauthorised access to, or use of, confidential data. Data loss can occur through intentional misuse, leakage, carelessness or theft.

The question, then, is why McAfee did not use its own software to protect its intellectual property:

  • Is it because its DLP solution is ineffective? Or
  • Is it because they trusted their people and decided not to use the software to protect their assets? Or
  • Is it because it was misconfigured and did not detect the data theft? Or
  • Worst case, it simply did not catch the incident?

The Insider Threat Division of CERT has published a number of key findings about information theft:

  1. Most insiders who steal information do so as they are leaving the organisation;
  2. Around 75% of insiders who took information had authorised access to it;
  3. Such theft is tough to detect, because the insiders already have authorised access and usually steal the data during business hours.

But the question remains: why are Data Loss Prevention (DLP) solutions no longer effective?

Part of the challenge is that data has never been more portable, so taking it has never been easier. Sales lists, product specs, pricing information, payroll data and even contact lists are just a few examples of small but critically important files that are simple to take. Employees can store hundreds of gigabytes on their mobile devices, put 1 TB or more on removable media, or quickly transfer data to personal cloud storage services like Dropbox.

Not only is data moving around more, but so are employees. The median tenure of U.S. workers aged 25 to 34 is just 2.8 years, and as they move from company to company, they take data with them.

The second part is that data loss prevention technology is cumbersome to deploy and realising its full value is problematic (incomplete deployments are common). On top of that, DLP solutions require considerable maintenance, resources and endless fine-tuning.

However, the main challenge with DLP is that it applies technology to something that is not a technology problem. It is a “people” problem.

Data by itself does not walk out of the building. It requires the action of a person.  

The question is why people steal information. According to the Insider Threat Division of CERT, the majority of information theft is not for financial gain; rather, the insider takes the information with them as they leave the organisation, to a new job, to a foreign country, or to start their own business.

There are two key variables in this equation.

A cause-and-effect relationship is one where something happens that makes something else happen. Here, data is exfiltrated (the effect) as a result of an action by a person (the cause).

DLP solutions focus on the effect. Such prevention technologies will never solve the real issue, which is addressing the cause of the problem: people and their intentions. Why are they acting this way? How do we change their behaviour? How do we deter and disrupt them from committing such malicious acts?

What Can You Do?

It is critically important that management and executives at all levels recognise and acknowledge the threat posed by current and former employees, contractors and business partners, and take appropriate steps to mitigate the associated risks.

To better protect your business from information theft, here are some best practices that I suggest you adopt:

  • Identify your critical assets
  • Periodically review and adjust your access controls for critical assets
  • Recognise efforts at concealment
    • Insiders who steal have exhibited an unusual degree of possessiveness over their equipment
    • Make sure you have the ability to detect illicit actions
  • Have a process through which employees can report suspicious behaviour
  • Pay close attention around resignation
    • The one-month window on either side, or possibly longer
    • Consider targeted employee monitoring
    • Establish consistent exit procedures
  • Develop and enforce rules for the proper use of removable media
  • Develop and enforce rules for the proper use of personal email
  • Monitor for anomalous user, data and system behaviour
  • Establish policies and procedures that your trusted business partners understand
  • Have new employees sign an IP agreement when they are hired
    • Ensure they have not brought any IP from their previous employer
    • Ensure any IP developed in-house belongs to the employer
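
Several of the steps above, and the near-identical list in the earlier article “Did You Know That All data Theft Is An Insider Job?”, come down to one thing: correlate what a user moves through non-corporate channels with the context around that user (their normal volume, the resignation window, the time of day). The following Python is an added example of that correlation, not code from the original article or from any DLP product. The event feed, HR resignation dates, per-user baselines, channel weights, the 30-day window and the scoring threshold are all constructed assumptions for illustration; in practice the events would come from your DLP or endpoint agent, mail gateway and web proxy, and the resignation date from HR.

```python
from collections import defaultdict
from dataclasses import dataclass, field
from datetime import date, datetime

# --- Added example: scoring user activity for insider-theft risk ---------------
# Not code from the original article.  Event feed, HR data, baselines, weights
# and thresholds are assumptions made for illustration.

# Risk weight per channel.  Corporate file shares are expected traffic and score 0.
CHANNEL_WEIGHT = {"usb_copy": 3, "personal_email": 3, "cloud_upload": 2, "corp_share": 0}


@dataclass
class Event:
    ts: datetime
    user: str
    channel: str   # one of CHANNEL_WEIGHT
    detail: str
    nbytes: int


@dataclass
class Finding:
    user: str
    day: date
    score: int
    reasons: list = field(default_factory=list)


def assess(events, resignations, baseline_bytes, window_days=30, volume_multiplier=5):
    """Aggregate events per user per day and score the days that touched
    non-corporate channels.  Returns a list of Finding, sorted by user then day."""
    by_user_day = defaultdict(list)
    for ev in events:
        by_user_day[(ev.user, ev.ts.date())].append(ev)

    findings = []
    for (user, day), evs in sorted(by_user_day.items()):
        outbound = [e for e in evs if CHANNEL_WEIGHT[e.channel] > 0]
        if not outbound:
            continue                       # only corporate channels: nothing to score
        score, reasons = 0, []

        channels = sorted({e.channel for e in outbound})
        score += sum(CHANNEL_WEIGHT[c] for c in channels)
        reasons += [f"non-corporate channel: {c}" for c in channels]

        # Volume anomaly: a user with no baseline is treated as zero, so any
        # outbound volume counts as anomalous until a baseline exists.
        moved = sum(e.nbytes for e in outbound)
        if moved > volume_multiplier * baseline_bytes.get(user, 0):
            score += 2
            reasons.append(f"moved {moved} bytes, over {volume_multiplier}x daily baseline")

        # Resignation window: 30 days either side of the notice date (assumption).
        resigned = resignations.get(user)
        if resigned is not None and abs((day - resigned).days) <= window_days:
            score += 3
            reasons.append(f"within {window_days} days of resignation on {resigned}")

        if any(e.ts.hour < 7 or e.ts.hour >= 19 for e in outbound):
            score += 1
            reasons.append("after-hours activity")

        findings.append(Finding(user, day, score, reasons))
    return findings


def high_risk(findings, threshold=8):
    """Findings that warrant targeted review, highest score first."""
    return sorted((f for f in findings if f.score >= threshold), key=lambda f: -f.score)


# Constructed inputs.  In practice these come from the DLP/endpoint agent, mail
# gateway, web proxy and the HR system.
RESIGNATIONS = {"jdoe": date(2019, 6, 14)}                            # notice date, from HR
BASELINE_DAILY_BYTES = {"jdoe": 20_000_000, "asmith": 50_000_000}     # 30-day medians
EVENTS = [
    Event(datetime(2019, 4, 2, 9, 30), "jdoe", "usb_copy", "presentation.pptx", 30_000_000),
    Event(datetime(2019, 5, 20, 10, 15), "asmith", "corp_share", "q2-plan.pptx", 4_000_000),
    Event(datetime(2019, 5, 20, 11, 0), "asmith", "cloud_upload", "notes.zip", 3_000_000),
    Event(datetime(2019, 6, 3, 21, 40), "jdoe", "usb_copy", "customer-list.xlsx", 180_000_000),
    Event(datetime(2019, 6, 3, 21, 55), "jdoe", "personal_email", "pricing.pdf", 2_000_000),
]

if __name__ == "__main__":
    for f in high_risk(assess(EVENTS, RESIGNATIONS, BASELINE_DAILY_BYTES)):
        print(f.user, f.day, f.score, "; ".join(f.reasons))
```

Run on its own it prints the one user-day that crosses the threshold: the departing employee who copied 180 MB to USB and mailed a pricing document to a personal address, after hours, eleven days before their resignation date. The same user's USB copy two months earlier scores 3 and never reaches review, which is the point: a channel alone is weak evidence, and it is the combination with the resignation window and the volume anomaly that makes the signal worth a human's time.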

How Can We Help You?

Interested in identifying strategies to increase your organisation's ability to prevent, detect, deter and respond to insider threats? Get in touch with Naked Insider on +61 2 6282 5554, or fill out the form on the Naked Insider website: https://www.nakedinsider.com/contact-us



Why Do Some Organisations Have Higher Employee Turnover?

Who doesn't have bad habits? We are all human, and these bad habits tend to surface when our emotions run high as a result of frustration, anger, stress and fear.

Unfortunately, bad habits in business can spell trouble for your business.

A recent Leadership Survey conducted by the Australian Institute of Management (AIM) found that 72.28% of participants had left an organisation in one of their last three roles because of the leadership team, their direct manager, or a combination of both.

According to AIM, this clearly sends a message that poor leadership will not be tolerated by a large proportion of employees and businesses will pay a heavy price for employing the wrong and ineffectual leaders.

In fact, 40% of respondents explicitly nominated ‘poor leadership’ as a contributing reason for leaving their job.

What is the cost to the business as a result of poor leadership?
According to AIM, there are two specific costs associated with high employee turnover as a result of poor leadership:

1.  Retention costs. Losing skilled staff is a major problem, and recruiting a replacement is an expensive and time-consuming process. In the US, when an employee quits, businesses spend around 60% of the employee's annual salary to replace them. In Australia, staff turnover is reported to cost business around $3.8 billion annually.
2.  Engagement costs. According to extensive research by Gallup, engagement is strongly connected to the business outcomes that are essential to an organisation's financial success, including productivity, profitability, innovation, growth, revenue and customer success. On the flip side, a culture of disengaged employees puts the business at severe risk.

But I will add a further cost item. In a previous article, “Why Would Amazon Pay $10,000 To Employees To Quit Their Job”, I mentioned that there are four types of employees by level of engagement. The last of these, highly disengaged employees, is extremely risky for the organisation.

3.  Cost of keeping highly disengaged employees. These are the “D” players who have actively checked out but still want their paycheque. They actively doubt the organisation's mission and vision and speak ill of the organisation and its leaders. They are the employees who have flouted corporate policies as a result of poor and ineffective leadership, and, if cornered, they are the employees who will place the organisation at serious risk by committing sabotage, fraud or theft out of grievance.


The link between leadership and employee engagement is undeniable. What this debate comes down to is the business's bottom line: good, effective leadership invariably leads to increased productivity and profit.


How Can We Help You?
On a scale from 1 to 10, how healthy do you think engagement is across the organisation? On a scale from 1 to 10, how well aligned are employees' values with corporate values?

If either score is below 5, then reach out to us for a free employee-employer value assessment.

If you want to improve engagement and alignment, and get clear, actionable strategies that will help you break through employee-employer disengagement, Naked Insider is offering you a FREE employee-employer value assessment that will give you visibility and understanding of what drives behaviour within your organisation.

To register your interest, please reach out to Naked Insider and we will help you with the process.

For more information, you can also send an email to info@commsnet.com.au or give us a call on +61 2 6282 5554.

Reference
The Australian Institute of Management Leadership Study – www.aim.com.au