Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Perimeter

9/28/2010
05:49 PM
Eric Cole
Eric Cole
Commentary
Connect Directly
Twitter
LinkedIn
RSS
E-Mail
50%
50%

Why The Insider Threat Is Ignored

The insider threat is complicated, and most organizations do not fully understand the magnitude of the problem. There are three main reasons why the insider threat has been ignored: Organizations do not know it's happening, it's easy for organizations to be in denial, and organizations fear bad publicity.

The insider threat is complicated, and most organizations do not fully understand the magnitude of the problem. There are three main reasons why the insider threat has been ignored: Organizations do not know it's happening, it's easy for organizations to be in denial, and organizations fear bad publicity.We will now examine the first reason why organizations ignore the insider threat: Organizations do not know it is happening. A major reason that companies do not know it is occurring is because of the fluctuation of revenue. All companies have good quarters and bad quarters. When companies have bad quarters, there are usually certain factors to explain the dismal earnings. Whether a competitor released a similar product or a company's product did not do as well as expected, factors such as these help to explain low revenue quarters. Most companies will chalk up these factors to poor market analysis instead of considering the poor performance as the possibility of an insider attack.

This is not intended to scare companies into thinking every time there is a poor quarter, there is an insider attack. Rather, this post is intended to raise awareness of what is happening and potentially give organizations an alternative explanation to what is happening when none of the conventional explanations seem to make sense. The most important thing for organizations that believe they might be the victim of an insider attack is to take action immediately. The insider threat can be thought of as a fire -- and ignoring it will only make matters worse.

The second reason organizations ignore the insider threat is that it is easier from them to be in denial. Like any major problem, whether it is alcohol, drugs, or gambling, in order to fix it one must admit one exists. Furthermore, it does no good just to admit the problem if no actions are taken to mitigate the problem. These previous statements are true with any problem that an organization or individual faces. It is sometimes easier to live in denial than to accept the truth and have to deal with it. When it comes to the insider threat, many organizations write it off and are willing to accept certain levels of loss. The only problem with this method is that most organizations that write off the insider threat, one, have no idea how much the company is actually losing, and, two, have no idea of the organization's tolerance for this problem.

If companies truly understood these two principles and could accept the damages, then that would be one thing, but many organizations have no idea the extent of the damages being caused by insider threat. While it is easier to live in denial for a short period of time, it is easier to identify and deal with the problem now than allow it to grow worse over time.

The third reason why organizations ignore the insider threat is the fear of bad publicity.

In some cases, organizations are acknowledging they have a problem and dealing with it, but they are not telling anyone because of the fear of bad publicity. What these organizations do not realize is that acknowledging the problem and publicly dealing with it could make the organization much more secure than all of the other competitor organizations denying the problem or not being honest with their customers.

The real question that most executives ask is: What benefit or good will come of publicly announcing we had a problem? Except for raising awareness across the industry, little direct benefit will come to the company in some cases. These are the main reasons why many organizations decide to ignore the insider threat. While it might be easier in the short run, it is guaranteed to make the problem much more difficult in the long run.

Dr. Eric Cole, Ph.D., is a security expert with more than 15 years of hands-on experience. Cole has experience in information technology with a focus on perimeter defense, secure network design, vulnerability discovery, penetration testing, and intrusion detection systems. He is the author of several books, including Hackers Beware, Hiding in Plain Site, Network Security Bible, and Insider Threat. He is the inventor of more than 20 patents, and is a researcher, writer, and speaker. Cole is a member of the Commission on Cyber Security for the 44th President and several executive advisory boards, and is CTO of the Americas for McAfee. Cole is involved with the SANS Technology Institute (STI) and SANS working with students, teaching, and maintaining and developing courseware. He is a SANS fellow, instructor, and course author. Dr. Cole has 20 years of hands-on experience in information technology with a focus on building out dynamic defense solutions that protect organizations from advanced threats. He has a Master's degree in computer science from NYIT and a Doctorate from Pace University, with a ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
For Cybersecurity to Be Proactive, Terrains Must Be Mapped
Craig Harber, Chief Technology Officer at Fidelis Cybersecurity,  10/8/2019
A Realistic Threat Model for the Masses
Lysa Myers, Security Researcher, ESET,  10/9/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
2019 Online Malware and Threats
2019 Online Malware and Threats
As cyberattacks become more frequent and more sophisticated, enterprise security teams are under unprecedented pressure to respond. Is your organization ready?
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-17593
PUBLISHED: 2019-10-14
JIZHICMS 1.5.1 allows admin.php/Admin/adminadd.html CSRF to add an administrator.
CVE-2019-17594
PUBLISHED: 2019-10-14
There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.
CVE-2019-17595
PUBLISHED: 2019-10-14
There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.
CVE-2019-14823
PUBLISHED: 2019-10-14
A flaw was found in the "Leaf and Chain" OCSP policy implementation in JSS' CryptoManager versions after 4.4.6, 4.5.3, 4.6.0, where it implicitly trusted the root certificate of a certificate chain. Applications using this policy may not properly verify the chain and could be vulnerable to...
CVE-2019-17592
PUBLISHED: 2019-10-14
The csv-parse module before 4.4.6 for Node.js is vulnerable to Regular Expression Denial of Service. The __isInt() function contains a malformed regular expression that processes large crafted input very slowly. This is triggered when using the cast option.