ONE STEP ON, TWO STEPS BACK
By Milica D. Djekic
The media will frequently report that some kind of the insider threat campaign has happened within some organization leaving after itself a devastating disaster. Such a sort of the disadvantage could cover the corporate espionage, reputation compromise through some public channels or stealing the intellectual property which all cost the community so much. At the moment, we talk about the impacts of the insider threat operations and as it is well-known the person doing so could be with the intent or absolutely careless about the idea someone could misuse their role or the access to stuffs they normally have. Having someone within some community who is willing to cause a drawback to many is a huge risk and that person or the entire group could be the part of the criminal or terrorist organization which goal is to shake the national security of some country. The capable insider threats can find their place within the critical infrastructure and that does not mean someone will turn off our electricity during the holiday season as that is feasible applying the hacker’s attack, but they can also get the role with the telecommunication or internet providers trying to conduct some malicious schemes there. That’s not annoying – that’s threatening for real. Just try to imagine all the common people coping with such a kind of the concern. The incident can be deeply far reaching and no business would survive such a sort of the obstruction.
In order to tackle that sort of the problem we should return to its source. The insider threat is that employee who would intentionally or unintentionally cause the issue to the organization he belongs. If we think a bit backward we will notice that someone the hell has hired that guy within such an enterprise. Well, the best way to prevent the insider threat activities within some organization is to carefully choose which of the potential candidates for recruiting will be selected to get the role with that community. Many large-scale businesses will buy intelligence and provide a continued training to their human resources staffs and in such a case the risk will be reduced, so far. Also, the gigantic companies can order a service of the head hunting agencies attempting to select the top and most trusted candidates to some position. Once some high level person gets an employment within some organization that staff will be contacted to refer someone else and that’s how it goes today – the referral means a lot on the ongoing marketplace. By that, we assume the recommendation of the trusted individual who is with good competency to explain and understand the needs of the organization. So, if we have come to the source we should know that the most targeting staffs to be trained are those serving with the HR department as they make a decision about who will join the organization and who will not. In other words, those people should have a skill as in such a case they are the decision makers and if there appear any complications they are directly responsible for the consequences. In addition, the rest of the employees should be aware about the community’s interests as they once skillfully manipulated can become the carless threat to the entire organization.
The crucial thing with the insider threats is the access to some permissions and privileges that can be misused in order to someone takes advantage over someone else’s weaknesses. In the time of the competitive economies and so arising risk from the terrorism, being capable to prevent the unwanted events within some community is a huge benefit. Many serious organizations will follow that best practice, but some flaws will occur from time to time and that is natural as long as there is the strong awareness and preparedness to such a sort of the crises.
About the Author
Milica D. Djekic is an Independent Researcher from Subotica, the Republic of Serbia (Europe). She received her engineering background from the Faculty of Mechanical Engineering, University of Belgrade. She writes for some domestic and overseas presses and she is also the author of the book “The Internet of Things: Concept, Applications and Security” and “The Insider’s Threats: Operational, Tactical and Strategic Perspective” being published in 2017 and 2021 respectively with the Lambert Academic Publishing. Milica is also a speaker with the BrightTALK expert’s channel and Cyber Security Summit Europe being held in 2016 as well as CyberCentral Summit 2019 being one of the most exclusive cyber defense events in Europe. She is the member of an ASIS International since 2017 and contributor to the Cyber Defense Magazine since 2014 and the Australian Cyber Security Magazine since 2018. Milica’s research efforts are recognized with Computer Emergency Response Team for the European Union (CERT-EU), Censys Press, BU-CERT UK and EASA European Centre for Cybersecurity in Aviation (ECCSA). Her fields of interests are cyber defense, technology and business. Milica is a person with disability.
