Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Perimeter

9/28/2010
05:49 PM
Eric Cole
Eric Cole
Commentary
Connect Directly
Twitter
LinkedIn
RSS
E-Mail
50%
50%

Why The Insider Threat Is Ignored

The insider threat is complicated, and most organizations do not fully understand the magnitude of the problem. There are three main reasons why the insider threat has been ignored: Organizations do not know it's happening, it's easy for organizations to be in denial, and organizations fear bad publicity.

The insider threat is complicated, and most organizations do not fully understand the magnitude of the problem. There are three main reasons why the insider threat has been ignored: Organizations do not know it's happening, it's easy for organizations to be in denial, and organizations fear bad publicity.We will now examine the first reason why organizations ignore the insider threat: Organizations do not know it is happening. A major reason that companies do not know it is occurring is because of the fluctuation of revenue. All companies have good quarters and bad quarters. When companies have bad quarters, there are usually certain factors to explain the dismal earnings. Whether a competitor released a similar product or a company's product did not do as well as expected, factors such as these help to explain low revenue quarters. Most companies will chalk up these factors to poor market analysis instead of considering the poor performance as the possibility of an insider attack.

This is not intended to scare companies into thinking every time there is a poor quarter, there is an insider attack. Rather, this post is intended to raise awareness of what is happening and potentially give organizations an alternative explanation to what is happening when none of the conventional explanations seem to make sense. The most important thing for organizations that believe they might be the victim of an insider attack is to take action immediately. The insider threat can be thought of as a fire -- and ignoring it will only make matters worse.

The second reason organizations ignore the insider threat is that it is easier from them to be in denial. Like any major problem, whether it is alcohol, drugs, or gambling, in order to fix it one must admit one exists. Furthermore, it does no good just to admit the problem if no actions are taken to mitigate the problem. These previous statements are true with any problem that an organization or individual faces. It is sometimes easier to live in denial than to accept the truth and have to deal with it. When it comes to the insider threat, many organizations write it off and are willing to accept certain levels of loss. The only problem with this method is that most organizations that write off the insider threat, one, have no idea how much the company is actually losing, and, two, have no idea of the organization's tolerance for this problem.

If companies truly understood these two principles and could accept the damages, then that would be one thing, but many organizations have no idea the extent of the damages being caused by insider threat. While it is easier to live in denial for a short period of time, it is easier to identify and deal with the problem now than allow it to grow worse over time.

The third reason why organizations ignore the insider threat is the fear of bad publicity.

In some cases, organizations are acknowledging they have a problem and dealing with it, but they are not telling anyone because of the fear of bad publicity. What these organizations do not realize is that acknowledging the problem and publicly dealing with it could make the organization much more secure than all of the other competitor organizations denying the problem or not being honest with their customers.

The real question that most executives ask is: What benefit or good will come of publicly announcing we had a problem? Except for raising awareness across the industry, little direct benefit will come to the company in some cases. These are the main reasons why many organizations decide to ignore the insider threat. While it might be easier in the short run, it is guaranteed to make the problem much more difficult in the long run.

Dr. Eric Cole, Ph.D., is a security expert with more than 15 years of hands-on experience. Cole has experience in information technology with a focus on perimeter defense, secure network design, vulnerability discovery, penetration testing, and intrusion detection systems. He is the author of several books, including Hackers Beware, Hiding in Plain Site, Network Security Bible, and Insider Threat. He is the inventor of more than 20 patents, and is a researcher, writer, and speaker. Cole is a member of the Commission on Cyber Security for the 44th President and several executive advisory boards, and is CTO of the Americas for McAfee. Cole is involved with the SANS Technology Institute (STI) and SANS working with students, teaching, and maintaining and developing courseware. He is a SANS fellow, instructor, and course author. Dr. Cole has 20 years of hands-on experience in information technology with a focus on building out dynamic defense solutions that protect organizations from advanced threats. He has a Master's degree in computer science from NYIT and a Doctorate from Pace University, with a ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
44% of Security Threats Start in the Cloud
Kelly Sheridan, Staff Editor, Dark Reading,  2/19/2020
Zero-Factor Authentication: Owning Our Data
Nick Selby, Chief Security Officer at Paxos Trust Company,  2/19/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
6 Emerging Cyber Threats That Enterprises Face in 2020
This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!
Flash Poll
How Enterprises Are Developing and Maintaining Secure Applications
How Enterprises Are Developing and Maintaining Secure Applications
The concept of application security is well known, but application security testing and remediation processes remain unbalanced. Most organizations are confident in their approach to AppSec, although others seem to have no approach at all. Read this report to find out more.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-8818
PUBLISHED: 2020-02-25
An issue was discovered in the CardGate Payments plugin through 2.0.30 for Magento 2. Lack of origin authentication in the IPN callback processing function in Controller/Payment/Callback.php allows an attacker to remotely replace critical plugin settings (merchant ID, secret key, etc.) and therefore...
CVE-2020-8819
PUBLISHED: 2020-02-25
An issue was discovered in the CardGate Payments plugin through 3.1.15 for WooCommerce. Lack of origin authentication in the IPN callback processing function in cardgate/cardgate.php allows an attacker to remotely replace critical plugin settings (merchant ID, secret key, etc.) and therefore bypass ...
CVE-2020-9385
PUBLISHED: 2020-02-25
A NULL Pointer Dereference exists in libzint in Zint 2.7.1 because multiple + characters are mishandled in add_on in upcean.c, when called from eanx in upcean.c during EAN barcode generation.
CVE-2020-9382
PUBLISHED: 2020-02-24
An issue was discovered in the Widgets extension through 1.4.0 for MediaWiki. Improper title sanitization allowed for the execution of any wiki page as a widget (as defined by this extension) via MediaWiki's } parser function.
CVE-2020-1938
PUBLISHED: 2020-02-24
When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exploited in ways that ...