The Insider Threat
You may have heard the phrase before. When you conjure up an image of an insider threat, do you picture a ‘spy’ of some description covertly downloading information from the servers and passing it on to competitors, in order to steal business or ruin yours? Well, you may not be far wrong. Or at least, that may be one description. In fact, the insider threat can come in many forms, but these usually fall into two categories: intentional and unintentional (lest we go into legal arguments).
Let’s deal with the former first. With the rapid increase in sophisticated hacking technology comes also an increase in technical and IT countermeasures, some successful, some not. For competitors, or those who sponsor hackers, what we would recognise as conventional IT-based hacking methods carry an element of risk and time. Therefore, what better way to gain access to the required data or materials than to place someone within the business ‘legitimately’? Easy to do if there is an ongoing recruitment process, but maybe a little harder if there isn’t. In this case, recruiting from staff already in place would yield a wealth of information, materials and intelligence from systems without leaving a trail back to a computer, wherever it may be. Or, how about using a contractor or someone in the supply chain to access property that is not on a computer? Maybe even a disgruntled former employee? There are many candidates.
The latter is more avoidable, but relies on the company creating the correct policies, ensuring that they are understood and practised by all, and monitoring and reviewing them regularly. In other words, breeding a security culture, where everyone is empowered and all are aware of the significance and the consequences of a breach, whether of physical security or cybersecurity. There are numerous examples of individuals unwittingly allowing others to ‘tailgate’ them into buildings without having first been checked, or plugging in mobile devices without authorisation, or even opening emails or websites thinking they would ‘only be a minute’ checking their latest mail order. After all, what harm could it really do?
In its simplest form, espionage has long been an effective means of getting ahead of the competition or dispatching them quickly without them knowing where the threat came from in the first place. It has gone on for centuries and still goes on to this day. It is not a thing of fiction played out only in movies; it is a multi-billion dollar industry. The same individuals or groups (state-sponsored or operating from a back bedroom) will prey on weaknesses in any security posture, without prejudice.
All companies, regardless of their business, are vulnerable to attack or breach. Many of these weaknesses and risks can be mitigated with relevant expert services such as corporate investigation, good training and strong leadership, but they won’t go away just because an organisation hasn’t yet been exposed to threat or risk.
If you would like to contact us in complete confidence and discuss your circumstances, we would be delighted to hear from you, regardless of location, sector or organisational objective.