Dealing with insider threats

Interesting survey just came out stating that employees would sell passwords for USD$1000.

The temptation of a quick buck could be hard to resist but that is all you need to gain access to a system.

Just last month, Apple employees were also offered bribes to disclose their credentials.

Insider threats are real, but as security professionals, working with departments would help provide an understanding on the state of play.

For example: If you’re a service provider for a high profile organisation, you may be the subject for such threats.

How could you reduce this:

  • The human factor is important, organisational morale, culture and trust must be at the top to help staff from being influenced by bribes.
  • Reporting is also key, staff must be encouraged to report such threats.
  • Suman Sourav (@SumanS0urav) makes a point with monitoring, detective controls for anomalous behaviour is important.

It’s not easy to stop insider threats but a culture conductive of trust will serve to reduce threats.

References:

http://www.infosecurity-magazine.com/news/employees-would-sell-passwords-for

http://www.ibtimes.co.uk/apple-employees-ireland-offered-20000-bribes-pass-login-ids-hackers-1543042

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s