Seven Profiles Of Highly Risky Insiders

To understand these insiders and why they pose a risk, start by looking at the root of the problem.

There are plenty of articles with scary numbers about the size and scope of the Insider Threat. This isn’t one of them – you already know it’s a huge concern and that few organizations maintain a reasonable level of control over it. So where do you get started? By looking at the root of the problem to understand who these insiders are, and why they pose a risk.

You may be tempted to match these insiders to specific jobs or roles. But it’s best to resist such an impulse, because insider traits emerge throughout an organization, regardless of a person’s position. To lend clarity, here are seven profiles of common high-risk insiders.

Convenience Seekers like to ignore protocol. The "official" way to do things is too long, difficult, or complicated. Or they may prefer their own methods, such as opting for their preferred file-sharing service instead of a corporate one. They’ll also frequently use personal email to get around performance or attachment size limitations.

Accidental Victims make mistakes, perhaps because of a lack of training (or learning) in proper processes and systems. Accidental Victims will hit the wrong button, send a document to the wrong "Bob," or otherwise make an honest mistake. Most likely, our Accidental Victims are tired, stressed or distracted when they do these things. They’re especially vulnerable because external threats often "create" fear and panic as part of a phishing scheme or phone scam, so their targets won’t realize that they’re being set up.

Know-It-Alls want to "contribute," "show value," and be visible whenever possible. Unfortunately, they may over-share information in an email response. They might respond to a request when someone more qualified should. Or they could initiate communications about topics with less than the required tact or subtlety. They’ll post on social media before they think about sensitive topics such as unannounced quarterly results. Some Know-It-Alls will intentionally seek to steal or manipulate sensitive information for fun, out of curiosity – or to prove they can.

Untouchables do not believe that any of the "scary stories" could happen to them. They’ve earned privileged access, and they’re copping a cavalier attitude about it. IT personnel may constantly take advantage of their super-user credentials out of convenience, for example, only to cause malware infection of a mission-critical server when they open a highly targeted phishing email. Auditors, financial execs, developers, and others with privileges could retain too much information locally, then lose their laptop, or leave it out in the open for a thief to swipe.

Entitled Ones are convinced that they have a right to certain types of data, or to do things their own way. They ignore process or policy. They’ve concluded that they "own" data, including customer lists, source code, scientific research, and process documentation/templates. And while we normally associate the C-suite with those who do not feel the rules apply to them, anyone can develop this attitude at any level of the company.

Traitors are malicious employees. Sometimes, they’re hatching a plot at the time of being hired. More often, however, they harbor good intentions on the first day of work, but lose their moral compass after falling into debt or growing disgruntled over a lack of upward mobility and/or a salary increase. Or they internalize destructive discontent due to differences with colleagues, bosses, or the organization itself.

Secret Insiders aren’t supposed to be inside at all. But that’s where they are, having effectively executed the first stage of an external attack: gaining a foothold inside the network. (While we’ve focused on "defenses" against such attacks for the last few decades, the reality is that a breach will be successful at some point.) At this stage, Secret Insiders have network access, and security requires that measures be in place to "detect" such a breach. But, unlike the six aforementioned high-risk profiles, they are professional hackers. They’re motivated, knowledgeable – and now command all of the access and privileges of an insider.

For better or worse, security options have evolved from early login IDs/passwords, firewalls, and desktop anti-virus (AV) products to dozens of solutions that work in concert to protect the network, users, and data. An Insider Threat program will implement many of these, such as access controls and data loss prevention (DLP) tools, along with well-defined (and enforced) processes and newer technologies, like User Behavior Analytics (UBA).
 
Bottom line: user education is not new. But it is frequently overlooked as a potential solution due to mindsets developed when most of us didn’t know how to change the clocks on our VCRs, and never bothered to learn.

(Congratulations if you did not need to Google "VCR" to understand that sentence.) Yet, today’s employees were raised with Nintendo, the Internet, and smartphones. They take pride in knowing about the latest apps, and every feature of their mobile devices. This means organizations can appeal to this generation’s "tech pride," educating them about how recommended "professional habits" can elevate them to positions of trust.

In other words, users are more capable of recognizing risks, and the value of preventative measures and processes, if we simply involve them.

DarkReading: http://ubm.io/1qVMYFI
