Identification of a spy in the staff. Industrial and corporate espionage for secrets. Data leaks, sabotage and surveillance of a competitor. NDA agreement. Checking for security insider threat.

Unveiling the Menace of Passive Insider Threats in Your Business

October 18, 2023

“They mash keys!”

That is what a law enforcement officer told me when I asked him about passive insider threats. These are the people who fail the phishing tests. They resist changing passwords. They are a threat to an organization.

September was Insider Threat Month, prime time to talk about the risks posed by passive insider threats. An insider is any person who has (or had) authorized access to (or knowledge of) an organization’s resources, including personnel, facilities, information, equipment, networks, and systems. These aren’t necessarily malicious people, and they may be long-time employees.

As a kid, the first nightmare I got from reading a book was Salem’s Lot by Stephen King. As terrified as I was, I learned that vampires have rules. They must be invited in. Passive insiders are opening the windows and leaving the doors ajar for these cyber vampires.

How do you identify these employees for additional training and monitoring?

  • They visit websites that they wouldn’t at home
  • They click on links in emails carelessly
  • They mash the keys on their keyboards
  • They fail the organizational phishing email tests
  • They are slow to embrace change

These are the people who also fall victim to social engineering. By using the principles of persuasion (romance, finance, job, academic, etc.), cyber vampires enter their lives and organizations.

How can an organization mitigate these Insider Threats?

As our friends at CISA note in their Insider Threat .pdf, “…coworkers, peers, friends, family members, or casual observers are the human components for the detection and identification of an insider threat. They are frequently positioned to have insight into and awareness of predispositions, stressors, and behaviors of insiders. Behaviors reflect patterns of activity over time, based on the way the insider interacts within the organization. These indicators are directly observable by peers, HR personnel, supervisors, managers, and technological systems.”
The moral of this horror story is that the best defense against passive Insider Threats is community. When the leadership and staff of organizations look out for each other, the threats diminish. Rebecca Morgan (Insider Threat guru) closed a presentation a few years ago by sending a simple message to leaders, “Just be nice.”

Contributed by Andrew Rose
Related Articles:
Contact Us
410.877.3625
[email protected]

920 Ridgebrook Road, Suite 120
Sparks Glencoe, MD 21152

Sitemap
About
Webinars
Blog
Contact
Client Portal
Follow Us