This is not intended to scare companies into thinking every time there is a poor quarter, there is an insider attack. Rather, this post is intended to raise awareness of what is happening and potentially give organizations an alternative explanation to what is happening when none of the conventional explanations seem to make sense. The most important thing for organizations that believe they might be the victim of an insider attack is to take action immediately. The insider threat can be thought of as a fire -- and ignoring it will only make matters worse.
The second reason organizations ignore the insider threat is that it is easier from them to be in denial. Like any major problem, whether it is alcohol, drugs, or gambling, in order to fix it one must admit one exists. Furthermore, it does no good just to admit the problem if no actions are taken to mitigate the problem. These previous statements are true with any problem that an organization or individual faces. It is sometimes easier to live in denial than to accept the truth and have to deal with it. When it comes to the insider threat, many organizations write it off and are willing to accept certain levels of loss. The only problem with this method is that most organizations that write off the insider threat, one, have no idea how much the company is actually losing, and, two, have no idea of the organization's tolerance for this problem.
If companies truly understood these two principles and could accept the damages, then that would be one thing, but many organizations have no idea the extent of the damages being caused by insider threat. While it is easier to live in denial for a short period of time, it is easier to identify and deal with the problem now than allow it to grow worse over time.
The third reason why organizations ignore the insider threat is the fear of bad publicity.
In some cases, organizations are acknowledging they have a problem and dealing with it, but they are not telling anyone because of the fear of bad publicity. What these organizations do not realize is that acknowledging the problem and publicly dealing with it could make the organization much more secure than all of the other competitor organizations denying the problem or not being honest with their customers.
The real question that most executives ask is: What benefit or good will come of publicly announcing we had a problem? Except for raising awareness across the industry, little direct benefit will come to the company in some cases. These are the main reasons why many organizations decide to ignore the insider threat. While it might be easier in the short run, it is guaranteed to make the problem much more difficult in the long run.
Dr. Eric Cole, Ph.D., is a security expert with more than 15 years of hands-on experience. Cole has experience in information technology with a focus on perimeter defense, secure network design, vulnerability discovery, penetration testing, and intrusion detection systems. He is the author of several books, including Hackers Beware, Hiding in Plain Site, Network Security Bible, and Insider Threat. He is the inventor of more than 20 patents, and is a researcher, writer, and speaker. Cole is a member of the Commission on Cyber Security for the 44th President and several executive advisory boards, and is CTO of the Americas for McAfee. Cole is involved with the SANS Technology Institute (STI) and SANS working with students, teaching, and maintaining and developing courseware. He is a SANS fellow, instructor, and course author.