How to Mitigate Insider Threat Using Internal Controls


When I started writing this post, I made a typo: I wrote “Insider Treat”. That struck me as kind of funny; it’s like the opposite of a threat, right? But maybe it’s not the opposite. Hear me out: it’s a hot day, and you walk into an ice cream shop where your pal Jake works. He looks up from the counter, sees it’s you, and says, “Hey, we’re running a special on triple-scoop chocolate cones – free for my friends.”


Now, just based on the merit of being you, you got a freebie – a true insider treat. 






And that’s when it hit me – a treat just for being you kind of is an insider threat: it’s when an employee uses their access to collect or give away inventory/info/ice cream to others.


So let’s talk about:

  • What’s an insider,
  • What’s an insider threat,
  • Why it’s a Compliance problem,
  • How to introduce controls, and
  • The kind of controls we’re ultimately aiming for.

First, What’s an Insider?

The Cybersecurity and Infrastructure Security Agency, or CISA, which operates under Department of Homeland Security oversight, defines an insider as “any person who has or had authorized access to or knowledge of an organization’s resources, including personnel, facilities, information, equipment, networks, and systems.” Its examples are extraordinarily broad. They include, among others:


  • A person the organization trusts,
  • A person given a badge identifying them as someone with regular access;
  • A person w ..
