Everyone has a theory as to who is behind the recent Sony Pictures hack. If the current media story is not to your liking and you’re looking for another expert opinion, then take a look at the Sony Hack Attribution Generator. Fire it up, hit refresh on your browser and you’ll get a new and exciting version of what exactly happened complete with ‘evidence’ linking the crime to some random country.
A Senior Level Concern
Away from the hype around who the real Sony perpetrators were, what we are seeing is more senior level engagement with the issue of security. We saw in early 2014 in the example of Target that responsibility for a breach can fall at the feet of a CEO with a very large company. In the case of Sony the sheer scale and impact of that breach has clearly demonstrated that security has to be an ongoing concern for any top executive in 2015.
For such top executives, it is often assumed that IT viruses and hackers should be their organizations biggest security concern. The reality (and what is now being reported with regards to the Sony breach) is that it is your own staff, whether maliciously or accidentally, that are the most common cause of security breach.
Too often overlooked (often critically) by the boardroom, is how people, process and technology should be set up to protect an organization against the insider threat. This is the risk that stems from both malicious and careless employee behavior that often cause or aide so many security breaches.
The Insider Threat is not just about Corporate Data
Today’s world offers many different opportunities for the insider threat and it’s not just corporate data that is at risk. Critical services that society relies on are dependent on computers and seen as potentially vulnerable to security attacks.
The CERT Insider Threat Center concludes from its research that insider attacks occur across all organizational sectors and highlights three examples of the most common acts.
Help avoid being the next Insider Threat story
Insider Threats must continue to move up in priority and become an executive and board-level concern. Every board should now be thinking this is not going to happen to us. We need to address this problem. Security professionals cannot tackle this level of educational and infrastructural change on their own. Security has to be an on-going concern for everyone in an organization from the top down. Without understanding and buy in from C-level senior decision makers, there is only so much that can be achieved.
The good news is that there is a lot that organizations can do to mitigate the risk and avoid becoming the next big Insider Threat story.
Building an Insider Threat Program helps move an organization from paranoia to protection. This means involving a sophisticated tool set, staff and manager’s awareness and an efficient process. To help the CERT Insider Threat Program helps organizations consider or start making themselves more secure and more immune to reputation and financial damage.
At IS Decisions, we provide proven and powerful security solutions to thwart the insider threat and respond to emergency situations. Such technology solutions can also be used to help educate users and encourage good behavior.