Insider Threats in Comparative Perspective: Lessons Learned from Past Mistakes

摘要

This paper identifies six mistakes that security-conscious organizations have made that exacerbatedrninsider threat problems and created dangerous incidents: (1) Assuming that serious insider problems are NIMOrn(Not In My Organization); (2) Focusing only on malicious insider threats; (3) Forgetting that insiders can knowrnabout insider threat protection methods and therefore work around them; (4) Assuming that security rules arernfollowed (or forgetting there are rules about when it is okay to break rules); (5) Using “Red Team” exercises,rnbut forgetting that red teams and protection forces have insiders too; and (6) Assuming that Red Flags will bernread properly. The diversity and complexity of insider threat causes warns us to avoid “the myth of absoluternsecurity.” Serious prevention efforts should therefore always be supplemented with equally serious emergencyrnresponse and mitigation efforts.