Monday, February 27, 2012

Hayden Goes Inside on Grid Security for Internal Threats

Sometimes it's the ones you trust the most who can hurt you the most.

It's not something I normally say when meeting with clients, but after attending maybe a thousand or so on-site and virtual security presentations to all manner of customers and organizations, one very common statement you hear is that insider threats are more pervasive and potentially damaging than external threats.

If you buy that (and I recommend you do) it sort of makes you look at your employees and colleagues a little differently, right? Maybe you need to add a mind reader or at least a psychiatrist to the payroll, though today there are analytics that can greatly help find the rotten eggs.

Electric grid security expert Ernie Hayden is back again, this time with a piece on internal organizational cyber introspection (article HERE). I'll give you a tapas-sized preview with an excerpt you won't reach till near the end:
"The bottom line is that insider threats can (and probably have) happened to every enterprise. With the increased global nature of business competition, it wouldn’t surprise me if this challenge increases, along with increased external cyberthreats to our IT systems. Organizations must always remain alert to the insider threat, including making plans for the inevitable risks to systems. Those organizations that are knowledgeable of the risks and are well prepared for such eventualities will benefit from knowing how to respond quickly to reduce or prevent the insider threat."
To me, that's a call to action for preparation, practice, and resiliency capabilities. In case you miss it as you read through Hayden's article, he and I suggest you follow the link inside to Carnegie Mellon University's CERT Insider Threat Center. It has a tremendous amount of useful information on insider threat issues, how to detect them, how to defeat them, etc.

Note: If you're not already registered on the SearchSecurity site, becoming so is not difficult or time-consuming; just make sure you don't accidentally agree to get spammed. There's a nice opt-out selection near the bottom of a long list of subscription choices.

Photo credit: Alisha Rusher on