An interesting survey just came out stating that employees would sell passwords for USD$1000.
The temptation of a quick buck could be hard to resist, but that is all you need to gain access to a system.
Just last month, Apple employees were also offered bribes to disclose their credentials.
Insider threats are real, but as security professionals, working with departments helps provide an understanding of the state of play.
For example, if you're a service provider for a high-profile organisation, you may be subject to such threats.
How could you reduce this risk?
- The human factor is important: organisational morale, culture and trust must be at the top to help keep staff from being influenced by bribes.
- Reporting is also key, staff must be encouraged to report such threats.
- Suman Sourav (@SumanS0urav) makes a point about monitoring: detective controls for anomalous behaviour are important.
It's not easy to stop insider threats, but a culture conducive to trust will serve to reduce threats.
References:
http://www.infosecurity-magazine.com/news/employees-would-sell-passwords-for
http://www.ibtimes.co.uk/apple-employees-ireland-offered-20000-bribes-pass-login-ids-hackers-1543042