Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


05:49 PM
Eric Cole
Eric Cole
Connect Directly

Why The Insider Threat Is Ignored

The insider threat is complicated, and most organizations do not fully understand the magnitude of the problem. There are three main reasons why the insider threat has been ignored: Organizations do not know it's happening, it's easy for organizations to be in denial, and organizations fear bad publicity.

The insider threat is complicated, and most organizations do not fully understand the magnitude of the problem. There are three main reasons why the insider threat has been ignored: Organizations do not know it's happening, it's easy for organizations to be in denial, and organizations fear bad publicity.We will now examine the first reason why organizations ignore the insider threat: Organizations do not know it is happening. A major reason that companies do not know it is occurring is because of the fluctuation of revenue. All companies have good quarters and bad quarters. When companies have bad quarters, there are usually certain factors to explain the dismal earnings. Whether a competitor released a similar product or a company's product did not do as well as expected, factors such as these help to explain low revenue quarters. Most companies will chalk up these factors to poor market analysis instead of considering the poor performance as the possibility of an insider attack.

This is not intended to scare companies into thinking every time there is a poor quarter, there is an insider attack. Rather, this post is intended to raise awareness of what is happening and potentially give organizations an alternative explanation to what is happening when none of the conventional explanations seem to make sense. The most important thing for organizations that believe they might be the victim of an insider attack is to take action immediately. The insider threat can be thought of as a fire -- and ignoring it will only make matters worse.

The second reason organizations ignore the insider threat is that it is easier from them to be in denial. Like any major problem, whether it is alcohol, drugs, or gambling, in order to fix it one must admit one exists. Furthermore, it does no good just to admit the problem if no actions are taken to mitigate the problem. These previous statements are true with any problem that an organization or individual faces. It is sometimes easier to live in denial than to accept the truth and have to deal with it. When it comes to the insider threat, many organizations write it off and are willing to accept certain levels of loss. The only problem with this method is that most organizations that write off the insider threat, one, have no idea how much the company is actually losing, and, two, have no idea of the organization's tolerance for this problem.

If companies truly understood these two principles and could accept the damages, then that would be one thing, but many organizations have no idea the extent of the damages being caused by insider threat. While it is easier to live in denial for a short period of time, it is easier to identify and deal with the problem now than allow it to grow worse over time.

The third reason why organizations ignore the insider threat is the fear of bad publicity.

In some cases, organizations are acknowledging they have a problem and dealing with it, but they are not telling anyone because of the fear of bad publicity. What these organizations do not realize is that acknowledging the problem and publicly dealing with it could make the organization much more secure than all of the other competitor organizations denying the problem or not being honest with their customers.

The real question that most executives ask is: What benefit or good will come of publicly announcing we had a problem? Except for raising awareness across the industry, little direct benefit will come to the company in some cases. These are the main reasons why many organizations decide to ignore the insider threat. While it might be easier in the short run, it is guaranteed to make the problem much more difficult in the long run.

Dr. Eric Cole, Ph.D., is a security expert with more than 15 years of hands-on experience. Cole has experience in information technology with a focus on perimeter defense, secure network design, vulnerability discovery, penetration testing, and intrusion detection systems. He is the author of several books, including Hackers Beware, Hiding in Plain Site, Network Security Bible, and Insider Threat. He is the inventor of more than 20 patents, and is a researcher, writer, and speaker. Cole is a member of the Commission on Cyber Security for the 44th President and several executive advisory boards, and is CTO of the Americas for McAfee. Cole is involved with the SANS Technology Institute (STI) and SANS working with students, teaching, and maintaining and developing courseware. He is a SANS fellow, instructor, and course author. Dr. Cole has 20 years of hands-on experience in information technology with a focus on building out dynamic defense solutions that protect organizations from advanced threats. He has a Master's degree in computer science from NYIT and a Doctorate from Pace University, with a ... View Full Bio

Comment  | 
Print  | 
More Insights
Threaded  |  Newest First  |  Oldest First
7 Old IT Things Every New InfoSec Pro Should Know
Joan Goodchild, Staff Editor,  4/20/2021
Cloud-Native Businesses Struggle With Security
Robert Lemos, Contributing Writer,  5/6/2021
Defending Against Web Scraping Attacks
Rob Simon, Principal Security Consultant at TrustedSec,  5/7/2021
Register for Dark Reading Newsletters
White Papers
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2021-05-13
Piwigo 11.4.0 allows admin/user_list_backend.php order[0][dir] SQL Injection.
PUBLISHED: 2021-05-13
The Flask-Caching extension through 1.10.1 for Flask relies on Pickle for serialization, which may lead to remote code execution or local privilege escalation. If an attacker gains access to cache storage (e.g., filesystem, Memcached, Redis, etc.), they can construct a crafted payload, poison the ca...
PUBLISHED: 2021-05-13
Bitcoin Core 0.12.0 through 0.21.1 does not properly implement the replacement policy specified in BIP125, which makes it easier for attackers to trigger a loss of funds, or a denial of service attack against downstream projects such as Lightning network nodes. An unconfirmed child transaction with ...
PUBLISHED: 2021-05-13
The HTMLSanitizer class in html-sanitizer.ts in all released versions of the Aurelia framework 1.x repository is vulnerable to XSS. The sanitizer only attempts to filter SCRIPT elements, which makes it feasible for remote attackers to conduct XSS attacks via (for example) JavaScript code in an attri...
PUBLISHED: 2021-05-13
An information disclosure vulnerability in ILIAS before 5.3.19, 5.4.12 and 6.0 allows remote authenticated attackers to get the upload data path via a workspace upload.