Lots of "Insiders" Lately..

I've noticed a lot of discussion around news(some new, some old) articles this week related to "increased insider threats".

To quote my own Slashdot post:

"Viktor Cherkashin, a former KGB officer states in his book Spy Handler, people most often commit treason based on personal needs that need to be resolved, right now. Most commonly financial reasons, it is why Aldrich Ames and Robert Hanssen both defected to spy for Soviets.

What's the ideal solution? Make your employees happy, pay them more, etc? It's difficult to stop good people from going rogue, and even worse doing pre-screening. Note even a single scope background investigation and polygraph works (see above)

And to quote Cherkashin, "The only way to be safe is to remove people from intelligence gathering, ....as long as people are involved, security threats can never be completely eliminated."

It is true, to remove the human element would eliminate many security risks. With a sound process and security architecture, we can work towards reducing this risk. Things like proper delegation of authority, peer review, and even conversation helps.

You all know how pissed off people can get when they lose a game, now imagine getting fired?! That one person shouldn't have the ability to do so much damage in the first place. At the company I interned over the summer, not even the core IT Security people had administrator rights on their own workstations...

Posted by Marcin on Friday, December 8, 2006 in Links and Security.