Intended and Unintended Insider Threat
Nearly every presentation at IT security conferences at some point references influencing the culture of the organisation as a key element for sustainable information security. People and their behaviour are as often cited as both the biggest potential asset and the biggest potential threat to cyber security.
Massive strides are being made by current technology vendors to analyse what people are currently doing. Yet efforts to wield influence to change staff behaviour is usually restricted to efforts around top-down support and/or policy endorsement.
The Solution
If the hackers are using social savvy and psychology to manipulate people to (often unwittingly) betray their organisations, why can’t the good guys counterpunch using similar techniques and understanding? We can and we should.
Doing so means a partial pivot away from a total focus on technology innovation and toward an examination of the deep cultural influences in play at your organisation. Understanding the deep cultural triggers and trends that exert pressure on individual's behaviour sometimes in spite of corporate values and governance, is the key to minimising the unintended insider threat and more clearly exposing malicous actors.
