Hi everyone,
I had a great time in Chicago at the Comptia event. I met some of the folks from ComptiaISO but also other members. I did not meet anyone else from the backup world, only MSPs and security people.
Out of all the bits and pieces of information that I think would be interesting here, one stood out, and that was the insider threat.
Many of you who are service providers know that not too long ago Veeam came out with insider protection for Cloud Connect. At the time I wondered why it was not called ransomware protection and was told that issues with insiders were much more prevalent than I realized and that was one of the key reasons for the name.
Fast forward to today. We have all heard of the massive layoffs in IT. We have also seen, at times, very strong rhetoric from company executives with regard to their employees. Often this is done to get the shareholders excited, i.e. “finally someone is going to kick their lazy butts to work more”; at other times it comes from psychological issues of the individuals involved. Either way, these factors help to create disgruntled and angry employees.
During layoffs, many of the laid-off employees keep close relationships with their former colleagues; these relationships can at times be tighter for the insiders than their loyalty to their employer.
This situation would be bad enough, but now enter a new factor: the state actor. What if state actors are monitoring social media and have teams charged with finding and identifying disgruntled persons in organizations and companies?
Military, law enforcement and government personnel are all trained to recognize recruitment attempts, what procedures to follow and how to react.
Are businesses doing the same with their employees? I have not seen that. If anything, there is training for dealing with business competition only. (Years ago, at an American company that I worked for, we were not allowed to have out-of-office messages so that the competition would not know when key people were away on vacation, and we were forbidden from discussing any aspects of internal business at restaurants, as they claimed that the competition had been caught getting people to sit at nearby tables and listen in. I don’t know if that was an overreaction or not, but there was a lot of money involved, so I guess they did not want to risk it.)
So now you potentially have an insider nightmare: the combination of a highly motivated (read: angry) insider, or a person who has leverage over an insider due to a relationship, backed by the full resources, both financial and intellectual, of a nation state.
Perhaps those massive layoffs or demeaning comments were not such a good idea after all.
So once again we come back to one of the cardinal rules of security, even in the technical field: don’t ignore the human factor.
Don’t let loose on the rhetoric no matter what you really think, but treat people with dignity and respect. If you must lay off, do it carefully and weigh all the pros and cons.
Don’t seek headlines to please investors; you might also be pleasing adversaries much bigger and stronger than you realize.
For IT professionals this means that Zero Trust and assuming breach are the only way to go.