14 February 2023
I’ve been a little quiet lately. End of year is my busiest time. But we’re all busy and we have to make choices about what gets done, right? One item that doesn’t get enough attention these days is insider threat. The idea is that the people you trust the most – and therefore have the most access to sensitive information – can be the ones that hurt you the most. You may not want to hear about those closest to you hurting you, especially on Valentine’s day. But let’s be clear-headed about the risks.
As cyber security practitioners, we must take into account the risks associated with access to sensitive information. I work in a space that focuses on supply chain, but even well-run shops are at risk for insider threats. Trusted employees that, for whatever motivation, inflicts damage or steals sensitive information. On such incident was reported recently where an employee took SSN’s, pay information, account information, etc before leaving the company. You can read more about it here: https://www.reuters.com/business/finance/credit-suisse-staffer-took-salary-data-bloomberg-news-2023-02-14/
Have you checked your insider threat controls for effectiveness lately?