Insider Threat: Worse Than Poisoned Open Source Code and Major Operating System Flaws?

October 5, 2022

Here’s a question for you.

What poses a greater threat to your organization? Select one item only, please.

[a] Flaws in mobile phones

[b] Poisoned open source code

[c] Cyber security and threat intelligence systems do not provide advertised security

[d] Insider threats

[e] Operating systems’ flaws.

If you want to check more than one item, congratulations. You are a person who is aware that most computing devices are insecure with some flaws baked in. Fixing up flawed hardware and software under attack is similar to repairing an L-29 while the Super Defin is in an air race.

Each day I receive emails asking me to join a webinar about a breakthrough in cyber security, new threats from the Dark Web, and procedures to ensure system integrity. I am not confident that these companies can deliver cyber security, particularly the type needed to deal with an insider who decides to help out bad actors.

NSA Employee Leaked Classified Cyber Intel, Charged with Espionage” reports:

A former National Security Agency employee was arrested on Wednesday for spying on the U.S. government on behalf of a foreign government. Jareh Sebastian Dalke, 30, was arrested in Denver, Colorado after allegedly committing three separate violations of the Espionage Act. Law enforcement allege that the violations were committed between August and September of 2022, after he worked as a information systems security designer at the agency earlier that summer.

So what’s the answer to the multiple choice test above? It’s D. Insider breaches suggest that management procedures are not working. Cyber security webinars don’t address this, and it appears that other training programs may not be pulling hard enough. Close enough for horse shoes may work when selling ads. For other applications, more rigor may be necessary.

Stephen E Arnold, October 5, 2022

Comments

Comments are closed.

  • Archives

  • Recent Posts

  • Meta