Insider Threat

The Inside Threat

Insider Threat…The root of all evil when temptations and unfavourable circumstances are over bearing…

Time and time again ‘the Business’ gets panic in a plethora of noise about a new or reincarnated version of malware/botnets. However, whilst we are caught up in the noise/hype, the technical acronyms and the race to get a new fix in, our esteemed internal colleagues are plotting a sly way to steel your treasure – your data.

Insider threat has always been on the radar but the political correctness of organisations tend to be a bit softer and fluffy about the trust of their employees.  On one hand it’s great to have an established view that… I trust all my employees.  However, I am a realist and we must not forget that we live in the real world where data is a strong currency and not everyone who works for you, share your vision and company ethos.

The phrase… keep your friend close and your enemy closer…’ could easily be twisted to say, keep your enemy close and your employee closely monitored’.

Time and time again you see examples of data breach in the news and we wonder why this keeps happening.  Be it deliberate or accidental.

Over the last 12-18 months, there’s been a spate of incidents with household brands such as Morrison’s, The Government and other private entities.  For Morrison’s, lightening struck twice in the same place.  It is a very telling story considering where cybersecurity was in terms of Board level visibility 5-10 years ago.  The board can no longer ignore that fact that they are live targets and it is not a matter of ‘if’, but actually, when do we find out that we have been hacked.  There was a time when most data breach was arising from the public sector and some private sector companies grin quietly as to show their level of investment and robustness.  However, what we are seeing now is a state of humbleness and quiet shuffling of the cards to make strides towards hardening and ensuring that information security is talked about and embedded throughout the organisation.

Whilst most tech savvy and Infosec enthusiast knows or at least acknowledge that cyberwar is currently about firefighting for most companies, it is equally true that some SMEs just do not have the resources, finance or apetite to even start considering defending their business.

However, there are some things that companies can do on their own with ad-hoc or consistent 3rd party support.  Here are some of the things that can be done to start building a foundation…

  • Develop a policy and share it with everyone in the business… discuss the challenges and get feedback to improve as your business evolve
  • Help employees to understand the drivers/reasons behind these policies and the importance of adhering to these
  • Use software tools as part of the strategy to compliment policies and monitor and updated data security controls as necessary.

So what’s the solution?

Whatever the solution, we will always be human and we will always find a way.  This is always going cut across the people, process and technology landscape…


Provide current realistic training and awareness for all employees.  The training should be tailored to team and individual roles.  We cannot over-emphasise the value of good training.  After all, most of or a great proportion of the breaches that occur are human error and are accidental.


This is a very broad area and can be lead to various interpretations.  However in terms of process in this context, I am referring to:

(1) A process to access what is considered privileged data

(2) A process to proactively monitor staff activities to spot trends and spike in behaviour.  Not just random behaviours but long-term persistent activities.

(3) Staff profiling and network (external) connection to outside affiliations that could cause concern by association and the potential for blackmail, bribery etc.