The Insider Threat – An Investment. (pt.4)

by
anyone could be an insider threat - either malicious or accidental

Before we start this next article in my Insider Threat Primer, I need to address a question that a client raised with me this week.

“How common is the insider threat?”

Let me quote the UK’s National Cyber Security Centre (NCSC) here, “Malicious insider activity is relatively rare…”. So there you have it, do not read this primer if the insider threat is a risk you could live with. However, you know that I do not really believe that!

The first point you should consider is the continuation of the quote from the NCSC, “…but can have a major impact on an organisation when it does occur.” So, the risk may be small, but the costs can be significant. The second point I would raise is that the quote says “malicious” – most of the insider activity I have seen and dealt with has been accidental. The investment you make to mitigate the slight risk of malicious insider activity works just as well to mitigate the accidental activity.

The Insider Threat and Big Brother

Well, maybe the “threat of being caught” works in a slightly different way. People take more care of your information when they know their performance at work is being measured. Monitoring has already been discussed as an effective tool in managing the insider threat – but when I have suggested monitoring and logging user activity, people think of 1984 and I have encountered resistance at all levels of an organisation. But my suggestion is more easily accepted when I rephrase it as a “tool to protect the innocent” or a way of “disproving the accusations of others”.

Remember you are dealing with mostly honest people so phrasing your mitigation in those terms is today’s take-away. If you do not treat your team as people there can be consequences – a different kind of insider threat is discussed here.

Next

“What else can I do?”


Clive Catton MSc (Cyber Security) – by-line and other articles

Further Reading

The Blame Game

The Insider Threat Primer

The Insider threat – Not just a question of trust. (pt.1) – CyberAwake

The Insider threat – Start thinking about sorting. (pt.2) – CyberAwake

The Insider Threat – Mitigation. (pt.3) – CyberAwake

Photo by cottonbro studio

Contact us for consultation

Wake up to cyber threats..

The Insider Threat – An Investment. (pt.4) Cyber Awake
HQ Based between Newark and Lincoln

Get in touch

CyberAwake
Unit 2 Kingsley Court
Kingsley Road
Lincoln
LN6 3TA
United Kingdom

01522 508089

useful links

Website Cookies Icon

This website uses cookies to ensure you get the best experience on our website. Click for more information.

accept & Close