When thinking about the insider threat, it is easy to focus on Edward Snowden, Chelsea Manning, and lawsuits between companies like Uber and Waymo. This is because the term itself conjures images of a malicious actor with deep access to systems and information that firewalls are (hopefully) protecting. This is certainly one type of insider threat, but there are several more that are equally dangerous. One is, of course, the “trusted insider.” This class of threat is made up of well-intentioned employees who fall victim to attackers and scammers that exploit naivety and a lack of defenses and knowledge.
In a recent byline published in Dark Reading, our CEO Christy Wyatt calls attention to how easy it is for humans to become vulnerabilities that, when exploited, essentially become insider threats. In “Facebook Must Patch 2 Billion Human Vulnerabilities; How You Can Patch Yours,” Wyatt points out how Facebook turned 2 billion users into vulnerabilities through its failure to arm itself with sufficient visibility over its environment, its ineffective early warning systems, and its lack of user education and defense resources.
Christy isn’t the only security leader currently writing about the human vulnerability factor that organizations are contending with. In a post on Infosecurity Magazine, SABC founder Bruce Hallas wrote about a Ponemon survey conducted in January revealing that CISOs are most concerned about the human factor when it comes to keeping things secure. Access the entire article here: The Virtuous Circle between Security Culture and Security Behavior. Access the Ponemon report: What CISOs Worry About in 2018.