Recent cyber attacks also point towards organizations' primary vulnerability. Insider threats are more common than cyber-attacks. Despite the media focus on cybersecurity, it is important to be aware of the insider threat.
The authors shared ten lessons on insider threat. Although these lessons come from a different field, one that is continuously exposed to security threats, it is important to understand their significance and implications.
Below are excerpts from “A Worst Practices Guide to Insider Threats: Lessons from Past Mistakes” by Matthew Bunn and Scott D. Sagan, published by the American Academy of Arts & Sciences.
Even this brief comparative look at insider threats illustrates that such threats come in diverse and complex forms, that the individuals involved can have multiple complex motives, and that common, though understandable, organizational imperfections make insider threats a difficult problem to address adequately. Most nuclear organizations appear to underestimate both the scale of the insider threat and the difficulty of addressing it. Serious insider threats may well be rare in nuclear security, but given the scale of the potential consequences, it is crucial to do everything reasonably practical to address them. The main lesson of all these cases is: do not assume, always assess—and assess (and test) as realistically as possible. Unfortunately, realistic testing of how well insider protections work in practice is very difficult; genuinely realistic tests could compromise safety or put testers at risk, while tests that security personnel and other staff know are taking place do not genuinely test the performance of the system.
Lesson #1: Don’t Assume that Serious Insider Problems are NIMO (Not In My Organization)
Lesson #2: Don’t Assume that Background Checks will Solve the Insider
Lesson #3: Don’t Assume that Red Flags will be Read Properly
Lesson #4: Don’t Assume that Insider Conspiracies are Impossible
Lesson #5: Don’t Rely on Single Protection Measures
Lesson #6: Don’t Assume that Organizational Culture and Employee Disgruntlement Don’t Matter
Lesson #7: Don’t Forget that Insiders May Know about Security Measures and How to Work Around Them
Lesson #8: Don’t Assume that Security Rules are Followed
Lesson #9: Don’t Assume that Only Consciously Malicious Insider Actions Matter
Lesson #10: Don’t Focus Only on Prevention and Miss Opportunities for Mitigation
Reactive versus Proactive Information Security
Given the existing cyber environment in which enterprise devices (IoT) exist, it is pertinent to adopt a defense posture that is ahead of the adversaries. Deploying defense in depth and adopting controls based on attack modes are definitely not sufficient. At the same time, encapsulating assets and resources with all possible controls is impossible: it is proverbial, not practical. Adopting a pragmatic approach, based on the right strategy of getting ahead of adversaries and staying ahead of them, is critical.