cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Highlighted
Community Champion

Re: How true is this? Greatest Insider Threat is the C-Suite>

Craig,

Thanks for putting it so eloquently. To me when I hear the word threat, it indicates an immediate response is required where a risk or vulnerability we have time to remediate or lessen the impact. If I have an active insider threat, I need to be monitoring, auditing, intervening, and actively trying to shut it down. If it is just an uninformed executive who might click on a phishing email, then I have time to ensure my user education is improved, to install an anti-phishing product, to have a one-on-one security briefing, etc.  Where I live, a hurricane is a threat, but not in November through April, and only when there is a named storm. Which then we usually have days to weeks to prepare. Any user is a threat to do something bad, whether malicious or not, to me an insider threat is something requiring an immediate response. Perhaps insider risk would be a better title.....

Highlighted
Community Champion

Re: How true is this? Greatest Insider Threat is the C-Suite>

 

One of the reasons I got into this field is that I was appalled by how lightly security would often be taken in organizations I was with before.

 

2 examples from a single organization, where I was working as a system admin: -

 

1) A director had a dedicated WiFi channel with full intranet access & unrestricted internet access, of which he'd tend to share the WPA key with whoever visited him --- it would never be changed!

2) The GM once called me to check an issue on his Mac;  while I was at it, he excused himself to grab his lunch --- leaving me with full access to his laptop, with the emails & all the info there. (Worse, he didn't bother to log off)

 

(Most ironic was that this organization got itself certified in ISMS)

 

Anyways, back to these examples, while I see anything that may compromise IT Security as a threat --- be it malicious or not --- we might consider these as vulnerabilities that have been created, & could potentially be exploited. In the case of 1, an outsider could get access to the internal network to launch an attack or carry out reconnaissance; with 2, the GM's system could be used to send out fake emails, or there may be data leakage / theft.

 

So the parties that have malicious intentions and take advantage of these vulnerabilities could be seen as the threat actors, rather than the executives themselves.

 

What's your view on all this?

 

 

 

Shannon D'Cruz,
CISM, CISSP

www.linkedin.com/in/shannondcruz