Recently I have covered a couple of incidents that revolve around a betrayal of trust – often called the insider threat:
The Insider Threat – it may be at the top of the company… – Smart Thinking Solutions
The Insider Threat and $250,000 – Smart Thinking Solutions
This got me thinking and reading about the problem (Arsenault. (2022) and Colwill. (2009) among others), as it is one of the hardest cyber security breaches for any organisation to defend against. To operate you have to trust someone with sensitive information, to get a job done, then they betray that trust.
I know of a business who said they trusted no-one, they are a one-person company. I thought this was odd when I got involved with them, as the company appeared to be successful and undertaking more projects than a single person could manage. When I examined their set up, I soon discovered that to do this work a range of sub-contractors were employed located around the world – all of whom were trusted with sensitive client information, and that was just the start. I created several schemes, policies and procedures to add some reassurance and resilience to this operation, all to mitigate the “unseen” insider threat.
There are few technical solutions that will work, as they usually impede the workflow and so negate their effectiveness. Activity logging may be a deterrent but is often only good after the event for evidence of wrongdoing.
Here is one tip on how to mitigate it:
- Take steps to prevent the use of USB portable storage devices – and monitor this to check they are not used.
I have started an occasional series over on our online training site CyberAwake, examining the insider threat and possible mitigation that smaller organisations can implement. Part 1 was yesterday, part 2 is tomorrow, with further installments to follow.
The Insider Threat – the threat landscape and the first steps… – CyberAwake
Have a look it may give you some ideas and prevent information leaking from your organisation.
Clive Catton MSc (Cyber Security) – by-line and other articles
Further Reading
If you must use portable USB drives, then you must read this…
It happens to the biggest of companies:
Do you need some training?
References
Arsenault, B. (2022). Microsoft publishes report on holistic insider risk management. Microsoft Security Blog. Retrieved 12 October 2022, from https://www.microsoft.com/security/blog/2022/10/06/microsoft-publishes-new-report-on-holistic-insider-risk-management/.
Colwill, C. (2009). Human factors in information security: The insider threat–Who can you trust these days?. Information security technical report, 14(4), 186-196.