insider threats, employees, incident response, monitoring, opm, target, executives, accountability, advanced persistent threats, apt
You are not logged in. Access is limited. Login or see membership information. • Streetwise Security Zone Community

To see the list of all blogs, including Scott Wright's Security Views Blog and the Streetwise Security Zone Podcast click HERE. You also can subscribe via an RSS reader, or check the "Watch This" box in the left column to receive news by email of new articles.

  Scott Wright's Security Views
Blog Entry

Politically correct justifications for addressing insider employee security threats

Monday, July 27th 2015 @ 12:00 AM (not yet rated)    post viewed 2352 times

Nobody wants to be suspected of being untrustworthy, or acting against their employer or other employees. So, senior managers can be hesitant or unwilling to deal seriously with insider security threats. They may not want to face backlash from employees who feel they are being treated like criminals. Some Apple Store employees apparently complained to Apple CEO Tim Cook that some mandatory bag searches of employees leaving their shifts are unnecessarily embarrassing, and are sometimes even done in public.

It’s understandable that this is a touchy subject with employees; but there are ways that employers can start to take a reasonable position on reducing risks from insiders.

The Accountability Argument

In virtually all medium to large sized organizations, managers can and should emphasize the importance of accountability to shareholders (for companies) and the public (for government organizations). Management is clearly being held more accountable than ever before with respect to any foreseeable risks to their stakeholders, of all kinds. So, using this accountability is one way of helping employees rationalize the need for stricter monitoring on the inside.

Good examples of management being held accountable can be found in the cases of Target and the Office of Personnel Management (OPM). In both cases, the top executives had to step down after major security incidents. Whether or not the incident was initiated from the inside, the executives are ultimately responsible.

The Advanced Persistent Threat Argument

Even if employees know that management will be held accountable for security breaches, they may still feel that they are being treated with suspicion when security policies appear to be draconian. However, many new advanced attacks use hacker tools, as well as social engineering to gain control of employees’ network accounts. When this occurs, even an outsider attack can look like it is being caused by an employee.

If an employee’s account has been compromised, and it has access to any sensitive resources, it can be used maliciously. So, management has an obligation, even if it is more concerned with external threats than internal ones, to monitor internal accounts closely. The same goes for monitoring physical access, because attackers can try to impersonate people with access privileges. So, sign-in and card-access logs should be managed carefully to catch these kinds of incidents.

These methods don’t guarantee that employees won’t be annoyed by increased monitoring that appears to be directed at them, but they are valid, and provide a good basis for expanding into the murky waters of managing risks from insider threats.

How does your organization prevent or monitor insider threats?



Scott Wright

The Streetwise Security Coach

Phone: 1-613-693-0997
Scott Wright on LinkedIn 

To download my FREE Security Management Resource Guide now, and to receive my series of Streetwise Security Tips, as well as my Streetwise Security News and updates click HERE.


Site Meter

 rate this post: very bad poor average good fantastic!

Copyright 2012. Security Perspectives Inc. All Rights Reserved.