“I trust everyone, it is the devil inside that I do not trust,” is a great line from the movie The Italian Job. Every single person has the potential to do harm if the right circumstances occur. Yes this includes employees. This presents a great deal of trouble to security experts. Why is it that once a total stranger is hired at your company, you now completely trust that person? Just because they are now called an employee does not mean they have loyalty to your organization and would do nothing to hurt the company. Many organizations perform no background checks and no reference checks and as long as the hiring manager likes them, they will hire them. Many people might not be who you think they are and not properly validating them can be an expensive, if not a fatal, mistake. Because most organizations hire complete strangers, without consulting security experts, and then give them access to sensitive data, all organizations must worry about the insider threat. Too much paranoia can cripple an organization but the right amount can protect it. Just ask yourself a couple of simple questions:
- If someone was fired from a previous company for stealing or unethical activity, would you know?
- If someone was currently stealing or perform stealthy activity against your organization today, how would you know?
When an organization posts a job opening, it can take weeks until the first interview occurs. All a competitor has to do is prep someone to ace the interview and then they are in. The fact that it can be this easy to get on the inside is a pretty scary thought for organizations and security experts. Once that competitor insider is hired by the company, the competitor organization has the potential to steal sensitive organizational data. Think about it, this is the same process that foreign governments use to plant a spy in a United States agency. Foreign governments know that a key criterion for that person is passing the polygraph, so they will put that person through intensive training so that he or she can pass the polygraph with no problem. This points out a key disadvantage that organizations, and even security experts, have. The attacker knows what process you are going to follow to hire someone and all they have to do is prep someone so they ace that part of the process. Because these attacks are being perpetrated by trusted insiders, you need to understand the damage they can cause; how to build proper measures to prevent the attack; how to minimize the damage; and, at a minimum, how to detect the attacks in a timely manner. Many of the measures companies deploy today are ineffective against the insider. When companies talk about security and securing their enterprise, they are concerned with the external attack, forgetting about the damage that an insider can cause.
Since everyone uses different terminology, it is important to define what we mean by insider threat. The easiest way to get a base definition is to break the two words apart. According to www.dictionary.com, insider is defined as “one who has special knowledge or access to confidential information” and threat is defined as “an expression of an intention to inflict pain, injury, evil, or punishment; an indication of impending danger or harm; or one that is regarded as a possible danger.” Putting this together, an insider threat is anyone who has special access or knowledge with the intent to cause harm or danger. While no one wants to admit it, it is worth looking around your organization and consulting security experts to see if there are any insiders that are causing harm to the success of your organization.