DeepSec 2021 Talk: Those Among Us – The Insider Threat facing Organizations – Robert Sell
Organizations spend a considerable amount of time and money protecting themselves from external threats while practically ignoring the significant threats from within. Cybercrime has an estimated cost of $2 trillion in 2019 with an average cost per data breach of $3.9 million. This global cost is expected to grow to $6 trillion annually by 2021.
In 2018, 34% of those data breaches involved internal factors, and this trend continues to grow. This hard-on-the-outside-but-soft-in-the-middle approach by Information Security departments leaves organizations susceptible to a variety of insider threats that could be avoided. In this talk, I will present the extent of the issue, the types of insider threats to expect and how organizations can mitigate these risks.
We asked Robert a few more questions about his talk.
1) Please tell us the top 5 facts about your talk.
- This is a new talk which I have not given before.
- I have never heard another talk on Insider Threat before.
- Insider Threat is like an iceberg. What we see is just a small fraction of the actual loss in proprietary data and therefore competitive advantage.
- The global loss from Insider Threat is expected to exceed 6 trillion by 2021.
- Insider Threats take a few different forms and you can expect one version of these to be active in your company right now.
2) How did you come up with it? Was there something like an initial spark that set your mind on creating this talk?
I used to watch people back up their data just before they gave notice. This was a curious process which I always thought was a drain on the company as many of these people went to the competitor. I didn’t realize how big this problem was until I began my research.
3) Why do you think this is an important topic?
If your company has intellectual property that allows it to be competitive, someone else will notice this and want to take it from you. Insider threat is their likely course of action. Knowing how they attack may help you defend.
4) Is there something you want everybody to know – some good advice for our readers maybe? (Except for “come to my talk”)
Without proper Insider Threat knowledge and diligence, your hard-working staff are simply the R&D arm of another company but getting paid by you.
5) A prediction for the future – what do you think will be the next innovations or future downfalls when it comes to your field of expertise / the topic of your talk in particular?
The trend is showing this issue getting worse and attackers becoming more brazen. Remote workers allow criminal activity with difficulty in prosecution. The onus will be on private companies to protect their belongings as the expectation now is others will take it from you if you don’t stop them.
Robert Sell is the founder and president of the Trace Labs Organization, which organizes crowdsourced OSINT for locating missing persons. Robert is also Senior IT Manager in the aerospace industry, where he provides security guidance around the world on various topics including social engineering, open source intelligence as well as physical security. Robert has spent an increasing amount of time building defenses against social engineering, open source intelligence, insider threat and physical security. He has spoken about the rising risk at numerous events around the world and on different security podcasts.