Insider Threat Info
March 15, 2021
Few people want to talk about trust within an organization. Even fewer bring up blackmail, outright dumbness, or selling secrets for cash. These topics do require discussion. Where organizations are at this moment is in a very tough spot.
Cyber security vendors will email white papers, give Zoom pitches, and accept money for licenses to software which managed to miss the antics of the SolarWinds’ bad actors for — what was it — six months, a year, maybe almost two years. Yeah.
Executives will turn cyber security over to a team, a new hire, a consultant or two (McKinsey & Co. has some specialists awaiting your call), and one or more information technology employees. Did I leave anyone out? Oh, right, senior management. Well, those men and women are above the fray because security….
The trade publications will comment, quote, explain, and create nifty diagrams. I use a couple of these in my cyber crime lectures. They add color, but not much information. Oh, well, arts and crafts are important.
The allegedly responsible parties dodge those digital balls flung by fast twitch bad actors.
Articles like “What Are Insider Threats in Cyber Security” are, therefore, helpful. In a few hundred words an outfit called News Patrolling offered some helpful information. For example, I found this passage on point:
the human factor is often the most difficult to control and predict when it comes to data security and protection.
The write up provides a run down of insider threat “types”; for example, the turncloak, the pawn, and the collusionist. Some are left out like those I identified; for instance, the dumb ones. The catalog of insider attack types is acceptable, but some types are omitted; for example, people who sell data on in an encrypted Telegram group or the person who throws away high value trash unwittingly or as a new age brush drop.
Nevertheless, this is a useful write up to discuss with colleagues. Maybe the conversation should be held in a Starbuck’s in Silicon Valley. Loud talking is okay.
Stephen E Arnold, March 15, 2021