May 19, 2011 – I read with great interest a recent posting on CSO concerning what they called the “three types of insider threat” to organizations, enterprises and systems. With data and confidential information at the heart of the insurance enterprise, such threats must obviously be addressed.
The piece identifies these three types of workers as the “trusted unwitting insider,” the “trusted witting insider” and the “untrusted insider.” The first case is a person who, through some lapse in judgment, allows access to sensitive information (e.g., finding a thumb drive and plugging it into the company’s systems to see what it is), but certainly wouldn’t cause a problem purposely.
The “trusted witting insider” is a common thief—someone who purposely acts to steal information and probably sell it to the highest bidder, the article notes. The “untrusted insider” then, is someone who illegally gains access to the network via malware or other attack methods and gains privileges that can lead to havoc for the company whose systems are breached.
Certainly, all of these individuals present a danger to organizations like insurance companies that traffic in sensitive data, yet I would suggest there is another type of dangerous “insider” that is just as troublesome, and perhaps more difficult to detect. I would call this person the “trusted selfish insider.”
Like the “trusted unwitting insider,” the “trusted selfish insider” isn’t necessarily out to sell confidential information to a competitor or to the black market. On the other hand, the selfish employee really doesn’t care if information does happen to leak out due to some activity of his or hers. This individual has a strong set of priorities, and they begin and end with himself or herself.
For example, one of the most vulnerable places one can go in terms of security is any of the popular social networking sites. With half a billion people having Facebook accounts alone, this is obviously a significant problem, especially if one accesses such an account from inside a corporate network. The selfish employee may fully realize that Facebooking or Twittering from inside the corporate firewall is dangerous, but that is not a concern. All this employee really thinks about is telling everyone about the pearls of wisdom pouring forth from his or her allegedly superior brain every few minutes. If some hacker happens to jump in and become an “untrusted insider,” well that’s just too bad. The company should have safeguards to prevent that from happening.
The irony is that every company does have a safeguard to prevent this from happening. That safeguard is a set of policies for Internet access and a set of employees who respect and value their places of business enough to follow those policies. Many organizations lack a sensible policy, and that is a shame, but a correctable one. On the other hand, lots of social media acolytes are only too happy to try and bypass their companies’ policies in order to satisfy their insatiable lust for attention.
That problem is much harder to solve. If you are fortunate enough to be able to identify a “trusted selfish insider,” however, you would be wise to move such an individual into the “untrusted” category.
This column originally appeared on Insurance Networking News.
Register or login for access to this item and much more
All Information Management content is archived after seven days.
Community members receive:
- All recent and archived articles
- Conference offers and updates
- A full menu of enewsletter options
- Web seminars, white papers, ebooks
Already have an account? Log In
Don't have an account? Register for Free Unlimited Access