The insider risk

We have a training session that just covers the issue of what happens when a trusted member of your team goes rogue, either by accident or, worse, deliberately. This is the insider threat – an organisation cannot operate without trust and if that trust is abused what can you do. We look at and discuss strategies to mitigate the issue before it becomes a problem and what to do if the trust is abused.

We have had to investigate cyber incidents where it was a classic insider threat and in one case it was because the client had hired a PA from abroad. The initial review of the engagement seemed OK as they had a recommendation from another freelancer working for the organisation. The connections was supposedly professional having both worked previously for a third party – and there was plenty of good looking paperwork to support this and even an email! However on investigating further, we discovered the two freelancers actually know each other well enough to collude on the fraud!

Since then we have developed for this client and others procedures to hire freelancers from abroad and to protect the organisation once they are working inside. These sessions are only available to bona fide senior management, board members and company owners – you will need to provide credentials to be accepted onto the courses.

Here’s a warning from the US Government of the insider threat but on the scale of international politics:

US warns over risk of hiring North Korea IT workers – BBC News

FBI warns of North Koreans posing as foreign IT workers • The Register

Clive Catton MSc (Cyber Security) – by-line and other articles