Category Archives: Talent Management

Dealing with insider threats

An interesting survey just came out stating that employees would sell passwords for USD$1000.

The temptation of a quick buck can be hard to resist, and one sold password is all it takes to gain access to a system.

Just last month, Apple employees were also offered bribes to disclose their credentials.

Insider threats are real, but as security professionals, working with other departments helps us understand the state of play.

For example, if you’re a service provider for a high-profile organisation, you may be a target of such threats.

How could you reduce this risk?

  • The human factor is important: organisational morale, culture and trust must be at the top to help keep staff from being influenced by bribes.
  • Reporting is also key: staff must be encouraged to report such threats.
  • Suman Sourav (@SumanS0urav) makes a point about monitoring: detective controls for anomalous behaviour are important.

It’s not easy to stop insider threats, but a culture conducive to trust will serve to reduce them.



Avoiding Cyber Burnout

After a very late night out, something possessed me to check Twitter and up came a tweet:

It’s Saturday but I still have to ask: what was your win for this past week? Everything counts. – @jessysaurusrex Mar 19

It struck my late-night philosophical side, so I asked: why the question?

…I think it’s important, esp, in infosec (bc there’s a high failure/burnout) to refocus on – @jessysaurusrex Mar 19

It got me thinking again in the morning: as leaders/managers/peers, what do we do to reduce burnout?

I used to manage a virtual team for patch management with members geographically distributed. We all had our respective workloads, but as Patch Tuesday came in, it was all hands on deck, every month, without fail. Maintaining morale with a big workload is hard to do. Just as detecting emotional state is difficult over email, how do you know that the team is keeping well?

In our team, there were some punishing moments, but we all managed OK. Part of this was due to the fact that we had short weekly phone conferences.

Why weekly? I wanted to know if there was something in the pipeline that could scuttle the ship. Did another manager just assign a piece of work that would detract from patching? Did a priority one come in?

The meetings also allowed members to openly express any immediate concerns or challenges. Just like the tweet, I wanted to know if we had made any wins between meetings. If we hadn’t, was there anything that other members could do to help out? Has anyone else experienced any problems? Is there something that I can escalate or offload?

It was a chance for others to collaborate and help another person out.

Some other things that helped:

  • The ‘Vegas’ policy: what happens in the meeting stays in the meeting.
  • Updates: anyone assigned an action item owns it and is expected to follow through. If we have to chase, it is understood to be urgent and not monitoring.
  • Leave management to management: if an SME needs management support, the management rep would own the task, leaving the SME to focus on their turf.

We can’t control the world, but we can always help others in need.

I’d like to know if you have any techniques that could help reduce burnout amongst your teams.