This article came about from a comment I made in What’s in your email?. I was asked how you spot the insider threat. The quick answer is you cannot. End of article, send for proofing!
OK let’s discuss the insider threat
First a quick and dirty definition of the “insider threat”:
Someone who betrays a trust either deliberately for some type of gain or accidentally through lack of training, over-sharing or lack of care. These actions lead to a compromise of the organisation’s information.
Trust
So here is the issue: for your organisation to produce widgets or service clients, or whatever you do, you will need to trust someone, somewhere, with valuable information.
Now I can hear the one-person companies jumping in now, saying, “there is only me, I do not trust anyone!”. But is that true?
Do you really do all the work yourself?
I had this discussion with a client and although they were a lone wolf, having shed staff members because of issues, they still sub-contracted work. They operated a loose “principle of least privilege” for those contractors – a good place to start when addressing the insider threat – but a shallow dig through the business process revealed that they were trusting more than they thought and there was a trust that could be betrayed.
What does your business continuity plan say will happen if something happens to you?
That is the question! You do not want clients asking you this if it is true and you really do not have anyone on the inside of your organisation. Because if no one is on the inside, you have no insider threat, but your clients do not have continuity of service if something happens to you.
Solve the insider threat – a starting point
It is not trusting people but sorting your information.
We have come to the end of today’s article so tune in next week for the explanation of data classification. And I have almost finished my coffee.
For an explanation of that statement have a look at this article on Smart Thinking Solutions.
BYOD Bring-Your-Own-Device – A Primer (pt.1)
Clive Catton MSc (Cyber Security) – by-line and other articles
Further Reading
I have written about the insider threat before:
The Insider Threat – the threat landscape and the first steps… – CyberAwake
Back again, because that insider threat has not gone away… – CyberAwake
The Insider Threat – History is a Circle! – CyberAwake
Featured photo by Christina Morillo
Coffee photo by www.clivecatton.co.uk