The insider threat is complicated, and most organizations do not fully understand the magnitude of the problem. There are three main reasons why the insider threat has been ignored: Organizations do not know it's happening, it's easy for organizations to be in denial, and organizations fear bad publicity.

Eric Cole, Founder & Chief Scientist, Secure Anchor Consulting

September 28, 2010

4 Min Read

The insider threat is complicated, and most organizations do not fully understand the magnitude of the problem. There are three main reasons why the insider threat has been ignored: Organizations do not know it's happening, it's easy for organizations to be in denial, and organizations fear bad publicity.We will now examine the first reason why organizations ignore the insider threat: Organizations do not know it is happening. A major reason that companies do not know it is occurring is because of the fluctuation of revenue. All companies have good quarters and bad quarters. When companies have bad quarters, there are usually certain factors to explain the dismal earnings. Whether a competitor released a similar product or a company's product did not do as well as expected, factors such as these help to explain low revenue quarters. Most companies will chalk up these factors to poor market analysis instead of considering the poor performance as the possibility of an insider attack.

This is not intended to scare companies into thinking every time there is a poor quarter, there is an insider attack. Rather, this post is intended to raise awareness of what is happening and potentially give organizations an alternative explanation to what is happening when none of the conventional explanations seem to make sense. The most important thing for organizations that believe they might be the victim of an insider attack is to take action immediately. The insider threat can be thought of as a fire -- and ignoring it will only make matters worse.

The second reason organizations ignore the insider threat is that it is easier from them to be in denial. Like any major problem, whether it is alcohol, drugs, or gambling, in order to fix it one must admit one exists. Furthermore, it does no good just to admit the problem if no actions are taken to mitigate the problem. These previous statements are true with any problem that an organization or individual faces. It is sometimes easier to live in denial than to accept the truth and have to deal with it. When it comes to the insider threat, many organizations write it off and are willing to accept certain levels of loss. The only problem with this method is that most organizations that write off the insider threat, one, have no idea how much the company is actually losing, and, two, have no idea of the organization's tolerance for this problem.

If companies truly understood these two principles and could accept the damages, then that would be one thing, but many organizations have no idea the extent of the damages being caused by insider threat. While it is easier to live in denial for a short period of time, it is easier to identify and deal with the problem now than allow it to grow worse over time.

The third reason why organizations ignore the insider threat is the fear of bad publicity.

In some cases, organizations are acknowledging they have a problem and dealing with it, but they are not telling anyone because of the fear of bad publicity. What these organizations do not realize is that acknowledging the problem and publicly dealing with it could make the organization much more secure than all of the other competitor organizations denying the problem or not being honest with their customers.

The real question that most executives ask is: What benefit or good will come of publicly announcing we had a problem? Except for raising awareness across the industry, little direct benefit will come to the company in some cases. These are the main reasons why many organizations decide to ignore the insider threat. While it might be easier in the short run, it is guaranteed to make the problem much more difficult in the long run.

Dr. Eric Cole, Ph.D., is a security expert with more than 15 years of hands-on experience. Cole has experience in information technology with a focus on perimeter defense, secure network design, vulnerability discovery, penetration testing, and intrusion detection systems. He is the author of several books, including Hackers Beware, Hiding in Plain Site, Network Security Bible, and Insider Threat. He is the inventor of more than 20 patents, and is a researcher, writer, and speaker. Cole is a member of the Commission on Cyber Security for the 44th President and several executive advisory boards, and is CTO of the Americas for McAfee. Cole is involved with the SANS Technology Institute (STI) and SANS working with students, teaching, and maintaining and developing courseware. He is a SANS fellow, instructor, and course author.

About the Author(s)

Eric Cole

Founder & Chief Scientist, Secure Anchor Consulting

Dr. Cole has 20 years of hands-on experience in information technology with a focus on building out dynamic defense solutions that protect organizations from advanced threats. He has a Master's degree in computer science from NYIT and a Doctorate from Pace University, with a concentration in information security. He the author of several books, including Advanced Persistent Threat, Hackers Beware, Hiding in Plain Site, Network Security Bible, and Insider Threat, and holds more than 20 patents. He is a member of the Commission on Cyber Security for the 44th President and is actively involved with the SANS Technology Institute (STI). He also served as CTO of McAfee and Chief Scientist for Lockheed Martin.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights