Why insider threat is like a travel-sick dog
My dog always gets sick in the car. Not just the car, any car. Every car we’ve owned. Big car, little car, medium car, whatever car it is, he gets sick. Short journey, not-so-short journey. Windows down, windows up. Every single time.
But every time we embark on a journey, whether it be to the beach or the vet, I always hope that this time will be the one that doesn’t end with the floor of the car adorned with canine vomit.
Mind you, I always go prepared with a roll of kitchen towel, wipes, gloves, a plastic bag for the detritus, and an anti-bacterial cleaning spray of some kind.
Today, I truly believed that I had beaten it. We drove up, slowly, to the vet and arrived without any sign of doggie spew. And then we drove back home. Everything seemed fine. Finally, I’d cracked it, I thought to myself.
I walked into the house with the dog, he lay down in front of the couch and then, realising I’d forgotten to take the dog seat cover out of the car, I went back out again.
I opened the back door on the other side of the car and there it was – pooch puke on the floor and in the cup holder inside the door. ‘Yuck’ isn’t exactly what I said when I discovered this revolting mess and realised I’d have to clean it all up, but it’s close enough. Even writing about it now I have an urge to retch.
When I came back indoors and looked at my emails, there was a press release about security concerns and how too many firms were failing to deal with inside threats to their organisations. It’s not the first I’ve seen noting that particular issue.
Anyway, it occurred to me that trying to counter insider threats to your security must be a bit like trying to stop my dog throwing up in the car.
You can ask him nicely not to do it, drive more slowly with the windows down to make him more comfortable and put a dog car cover on the seat to try to reduce the danger of having your seat covered in canine vomit, but that won’t stop him from being sick if he’s going to be sick.
Similarly, businesses can try to educate their users not to click on links, open unsolicited emails or reply to them or plug in USB sticks someone gave them, but that won’t stop them completely.
There will always be a chance that someone internally will do something stupid that could compromise the company’s cyber security. That’s why, so often, organisations are left struggling to deal with the aftermath of a security breach or attack.
In essence, they’re a bit like me cleaning up my dog’s sick. When something goes wrong, the best they can do is to ensure they have the tools in place to clean up the mess and return everything to the way it was as quickly as possible. If it’s any consolation, at least they don’t have to spray the place with air freshener afterwards.
Unfortunately for me, I have to take the dog to the vet again. Tomorrow.