INSIDER THREATS: Can Cybersecurity Professionals Avoid the Train Wreck?

Cybersecurity: Insider Threats

Most organizations have adopted some form of cloud implementation as part of their broader IT strategy. However, in a rush to gain a competitive edge and meet project deadlines, very few organizations have thoroughly thought through the security implications from an identity management perspective.

That reality has the potential to negatively impact all of us in a variety of ways.

The rise of heterogeneous computing systems and applications in the last two decades has led to the wide adoption of directory services for authentication and authorization. Microsoft Active Directory is the market leader by a sizable margin because of its tools to manage Windows PC’s. For that reason, it has become the de facto standard for on-premises identity management.

This leads to organizations having sizable investments in Active Directory infrastructure, and established processes and procedures to manage access to their critical assets. However, the rise of cloud computing and hybrid cloud is adding additional complexity to IT infrastructures.

Additionally, it is requiring the retraining of personnel to better understand the new security implications of cloud and third-party applications regarding access control. Unfortunately, this is all happening at a time when IT training budgets are being slashed.

See that light at the end of the tunnel? It’s a train, and a wreck is about to happen.

This security situation brings us to a sensitive topic that many organizations are reluctant to discuss: the insider threat. In Accenture’s latest annual report, the Cost of Cybercrime, the most significant cost increase came from insider attacks carried out by employees, contractors, and business partners. For example, in 2018:

  • Malicious insider attacks jumped by 15%
  • Insider attacks average $1.6 million PER ORGANIZATION
  • The impact of cybercrime is rising: $13 million PER ORGANIZATION

What does all of this mean for managing access to cloud and hybrid infrastructures? When we conduct cybersecurity training, that is by far the foremost thought on the students’ mind.

Organizations will need to have a comprehensive Identity Access Management (IAM) strategy for these new services, and security cannot be an afterthought. Have YOU, as an IT professional, asked yourself these questions as you embrace evolving cloud architectures?

1) How will cloud resources integrate with our established identity management solutions?

2) Have we established processes and systems to audit and log access to cloud-based systems?

Granted, cloud systems are still maturing in terms of offering unified identity management solutions, but given the increasing insider threat, it is an area that organizations ignore to their peril.

To close on a positive note, this looming train wreck doesn’t need to happen. Asking the right questions and receiving correct information will go a long way in mitigating this threat. Armed with those tools, the final step is the easiest.

Assemble your IT team, conduct practical training / testing programs, and and step off the track.

Michael I. Kaplan is the founder and CEO of Phase2 Advantage, and currently manages the Defensive Security initiatives of the company. He is a military veteran and a national advocate for the military affiliate community. After attending the U.S. Army’s Intelligence Center of Excellence at Fort Huachuca in Arizona in 1983, he attended the Defense Language Institute, Airborne School, several specialized Schools at FT. Bragg in North Carolina, and was assigned to the 11th Special Forces Group (AGR).

Michael was recruited in 1989 to Special Projects Group and served as an instructor and operator on a Federal International Fugitive Task Force (his FBI letters of reference can be viewed on his LinkedIn profile). He was responsible for supervising and training 325 agents who were responsible for more than 3,000 UFAP apprehensions in seven years. Michael left government service in 1994 to pursue a career in High-Threat Executive Protection as an instructor and operator, then founded Phase2 Advantage in 2014. His numerous Instructor firearm certifications are listed on the Phase2 Advantage website and LinkedIn.

Feel free to contact Michael at