
The Truth is Out There, but the Threat Is Already Inside

Despite what you may have heard, not all cybersecurity threats come from outside the firewall or beyond your building’s walls.

Though we may “want to believe,” there are numerous opportunities for your employees or contractors to cause damage from within. These insider threats can cause upwards of $8.76 million in damage on average for a single organization, according to an independent study performed by The Ponemon Institute.

But this should come as no surprise. (So put those tin-foil hats away!)

We witness examples of poor planning, coverage gaps, and negligence from insiders on a nearly daily basis. At times, we too can provide these examples. But why does this happen? Is it a matter of too few policies (or too many), a lack of two-way trust, knowledge that activity is shrouded by poor visibility, or something else entirely?

The answer is a little of this and a little of that.

Trust, Motivation, and the Human Element

By default, we are trained to focus on the here and now. What do we need to do our jobs efficiently, well, and at the lowest cost? The driving force to “get the job done” is also the primary motivator for potential insider threats.

As a result, we often don’t consider the possibility of an insider threat incident before one occurs. The same can be said for non-cybersecurity incidents, including car accidents, fires, flooding, tornados, personal health issues, etc.

But the more frequently situations like insider threat-caused data leaks occur, the more likely they are to be “top of mind.” It’s no coincidence. We are driven to avoid disaster once we have proof the disaster can happen to us!

“If coincidences are coincidences, why do they feel so contrived?”
– Fox Mulder

While this quote is from a fictional TV show, The X-Files, it has a lot of meaning in the context of proactive cybersecurity efforts. An insider threat incident is not a coincidence if indicators of potential risk and activity were present and nothing was done to stop it. It is crucial to arm yourself with the People, Process, and Technology needed to mitigate the risk of an incident. To do otherwise only welcomes disaster.

“The truth is out there.” What are you doing to tackle the true potential for insider threats?