|

Insider Risk Management

While the entirety of risk management is undoubtedly now more complicated, Insider Risk in particular continues to be one of the most difficult to detect and reduce.

CISA defines insider threat as the threat that an insider will use their authorized access, intentionally or unintentionally, to do harm to the department’s mission, resources, personnel, facilities, information, equipment, networks, or systems.

The most recent example and very significant “Insider” breach occurred earlier this week, when a 21-year-old (age as a risk?) Air national guard technology support staffer was arrested following a series of reports identifying him as the leader of a group on gamer site Discord, where documents with significant intelligence on adversaries as well as allies were posted in recent months before spilling over onto other social media sites.

Jack Teixeira, was in a relatively low-ranking position, but one that still came with access to the Pentagon’s Joint Worldwide Intelligence Communications System (JWICS)

Has insider risk been identified as one of your risk sources and how is it being mitigated, monitored and surveiled in your organization?

If not now, then when?

Keep your friends closer but your “employees” closer? (my words/question)

Similar Posts

Can Your Leaders “Decisions” Affect Your Company’s Future or Profits?

ByKen Hackshaw

And the answer is…………..you decide… Twitter threatens trade secrets lawsuit over Meta’s Threads app. Alex Spiro, a lawyer for Twitter, accused Meta of engaging in “systemic, wilful and unlawful misappropriation of Twitter’s trade secrets and other intellectual property” in a letter addressed to Zuckerberg dated Wednesday. The letter claimed that Meta had hired “dozens” of…

Companies Must Embrace Modern Risk Management

ByKen Hackshaw

Risk management has never been more relevant in an increasingly volatile, complex, and hyperconnected world and should be considered a force multiplier. Yet, many large and small organizations have yet to deploy effective modern-day risk management. How many organizations adjust/tweak their strategic plans as risks emerge and are amplified? How many are considering future risks that may…

An Example of Why Strategic Plans Must Be Agile…

ByKen Hackshaw

As companies develop their strategic plans, I submit that agility must be one of the pillars of that plan. Companies must employ horizon scanning, using both a microscope and telescope to ensure they are looking at not only what is happening and immediate (what is close) but also what can happen (i.e., future-proofing) and what is farther away….

|

Power Grid Attacks: Are We Concerned Yet?

ByKen Hackshaw

“Just three days before two electrical substations were shot up, causing tens of thousands of customers to lose power in North Carolina, the federal Department of Homeland Security issued a bulletin warning “lone offenders and small groups” could be plotting attacks and that the nation’s critical infrastructure was among the possible targets”… ABC News (USA) The…

|

Moving Beyond the “ROBOTICS” of Risk Management

ByKen Hackshaw

As you prepare to face the week ahead (professionally and personally), I would like to take a small point of privilege and respectfully suggest that effective and modern risk management is not, cannot be, just the methodologies, the standards, or the processes. Modern risk management is not a stand-alone process or a “fait accompli.” Much more…

|

Objects in the Mirror Are Closer Than They Appear

ByKen Hackshaw

“Objects in the mirror are closer than they appear” is the “warning sign” on your vehicle’s door mirrors. Applying this warning to the risk management space, one can identify Examples of risks that are much closer to your organization (and you) than they may appear to be:  I would also like to “tweak” that warning sign and…