Categories
News

Unprecedented Shift: Council On Foreign Relations Survey Highlights Domestic Terrorism As Top Concern For U.S. Foreign Policy Experts In 2024

Unprecedented Shift: Council On Foreign Relations Survey Highlights Domestic Terrorism As Top Concern For U.S. Foreign Policy Experts In 2024

Overview:

Every year, the Council on Foreign Relations does a survey called the Preventive Priorities Survey. This survey shows a shift in the priorities of foreign policy experts.

For the first time in sixteen years, the poll says that the biggest worry in the United States is domestic terrorism and political violence (insider threats), especially in the months leading up to the 2024 presidential election.

According to the poll, there are three very likely and important outcomes:

1. Election-related violence in the US;
2. The conflict between Israel and Hamas getting worse and leading to a bigger war in the region; and
3. A lot of people are coming to the southwest border of the US because of what’s happening in Central America and Mexico.

Another important problem is the chance of a military conflict with either Russia or China.

The head of the Centre for Preventive Action talks about how the threat of foreign terrorism is going down while the threat of armed conflicts, especially those between Russia and China, is going up.

Tier I threats include tense relations between Russia, China, Taiwan, and North Korea; division in American politics; conflicts in the Middle East; problems with migration; and eight other situations.

Categories
News

Insider Threats Can Penetrate Any Organisation, State Or Government

Insider Threats Can Penetrate Any Organisation, State Or Government

The recent embezzlement scandal within the Vatican involves prominent individuals, spans multiple countries, and astonishingly involves covertly recording the Pope himself.

Inside the high walls of the Holy See, Cardinal Giovanni Angelo Becciu, former head of the office of “miracles” that minted saints, was considered papabile, a possible next pope.

Then his career collided with church prosecutors, who charged the 75-year-old Italian and nine other officials with corruption, setting up the Vatican’s trial of the century.

Last Saturday, Becciu, the first cardinal tried by the Vatican’s little-known criminal court, was found guilty of several counts of embezzlement after a trial marred by allegations of witness tampering and papal interference. Becciu was sentenced to five years and six months in a verdict read out in a converted quarter of the museum that houses the Sistine Chapel.”

You can find out more by visiting the following link.

Categories
News

Australian Prudential Regulation Authority (APRA) Finds Gaps In How Banks Manage Data

Australian Prudential Regulation Authority (APRA) Finds Gaps In How Banks Manage Data

APRA conducted a multi-year study on banks’ data management practices, identifying gaps and offering six recommendations for improvement.

The study, initiated in 2019, examined data risk management among banks by evaluating 100 Critical Risk Data Elements (CRDE) and conducting subsequent reviews.

The results showed that although there have been some recent improvements in data practices, progress in enhancing these practices has been slow.

APRA’s suggestions include establishing data governance, clarifying roles for data ownership, simplifying technology infrastructure, identifying critical data elements, monitoring data quality, and integrating data risk into management frameworks. The regulator highlighted the importance of data in decision-making and urged directors and executives to prioritise data protection.

APRA intends to continue focusing on data risk management through its guidelines and emphasises the need for entities to prioritise identifying critical data elements, remediating data issues, enhancing technology platforms, and making data more accessible and accurate.

The regulator stressed the importance of streamlining processes, automating controls, and improving data quality to meet the increasing demand for data from customers, clients, and regulators.

Similar assessments were also extended to life insurers and superannuation companies to better understand their risk practices, following concerns about incorrect regulatory submissions.

You can find more by visiting the following link.

APRA is the Australian Prudential Regulation Authority, established 25 years ago as an independent statutory authority that supervises institutions across banking, insurance, and superannuation sectors and is accountable to the Australian Parliament. You can find our more about APRA.

Categories
Article

From Disgruntled To Dangerous

From Disgruntled To Dangerous

Exploring The Role Of Employee Discontent

“The difficulties of life are intended to make us better, not bitter.”
– Unknown

When an organisation hires a new employee, they look for the suitable skills, qualities, and capabilities they think will best fit their organisation.

Organisations understand the critical importance of recruiting the right employees and invest considerable effort and resources.

Organisations often utilise multiple recruitment channels to attract the right talent, including job boards, social media, and professional networks.

They meticulously screen resumes, conduct thorough interviews, and may even administer skills assessments or personality tests.

Reference checks and background verifications are standard procedures to ensure a candidate’s credibility.

Furthermore, organisations aim for a cultural fit, looking beyond qualifications to assess a candidate’s alignment with the company’s values and mission.

Indeed, organisations meticulously plan their recruitment processes, believing the individuals they bring on board will contribute positively to their teams and work culture.

They do not anticipate a new hire becoming unhappy, unaccommodating, or frustrated.

At no point do they think that their new employee will potentially vent their anger to their surrounding employees and their managers.

Their optimism stems from the thorough vetting and selection processes designed to ensure a strong match between the candidate’s qualifications, experience, and personality and the job’s requirements.

Organisations may strive to create a supportive and engaging work environment. However, a thriving and beneficial relationship between employees and employers is not guaranteed. It can all be undone very simply when an unfortunate workplace event occurs.

Take the following two examples:

Example #1: Apple Huge Reveal

Just days before Apple’s 2017 huge reveal, a disgruntled employee is believed to be the leak that compromised the anticipated event centred around the iOS 11 GM.

According to a September 9, 2017, Apple Insider report, it is suspected that a disgruntled employee revealed proprietary/confidential information regarding new features and hardware of the iOS 11 GM, new AirPods revision, “Face ID” facial recognition details and setup process, a new “animoji” feature for Messages, and the apparent marketing names of Apple’s forthcoming iPhone line-up; iPhone8, iPhone 8Plus, and iPhone X.

Example #2: Georgia-Pacific Mill Hack

IT specialist and systems administrator hacked his former employer, Georgia Pacific.

What Happened?

The former administrator was terminated from his employment in February 2014 and escorted off George-Pacific’s Hudson Mill premises. Despite his termination, his access to corporate applications remained in place.

The former employee was found to have an open virtual private network connection to the Georgia-Pacific Mill’s network. With this connection, he intentionally transmitted harmful code and commands to the system, sometimes bringing the mill’s production to a standstill.

FBI agents assigned to the case concluded that he intentionally sabotaged his former employer as payback.

These two examples show the scope of security risks disgruntled employees bring.

Let’s get into the details of what disgruntlement is.

What Is Disgruntlement?

Disgruntled workers are employees who feel unsatisfied with their jobs and tend to express dissatisfaction through complaints. Interestingly, the word “disgruntled” derives from the archaic term “gruntled”, which originally meant ‘’to grumble”.

In other words, a disgruntled employee is someone at your organisation who is more often than not upset and showing it by, you probably guessed it, grumbling.

Any organisation can have a disgruntled employee or two.

Often, workers get upset for minor reasons like a co-worker not helping them on a project, someone stealing their ideas as their own, not being appreciated, being overworked or not getting a pay increase.

Sometimes, an employee may even be disgruntled because of something at home that is almost entirely out of the organisation’s control.

So, no matter how well you run your organisation, you may occasionally come up against a disgruntled employee.

In short, the individual’s dissatisfaction is intimately linked to unmet expectations. They had hoped for specific outcomes or experiences in their job or life, but when these expectations weren’t fulfilled, it left them feeling disheartened and discontented.

It can be best presented by the following graph:

Here is an excellent example of an article, “The Case of Disgruntled Nurses”, which explores the concept in a real-life organisational situation. It highlights several factors and events contributing to employee disgruntlement within Oneida Home Health Agency (OHHA).

The Case of Disgruntled Nurses (By majillani | Studymode.com)

Source: https://www.scribd.com/document/252711976/The-Case-of-Disgruntled-Nurses-03-22-2014

Background

  • OHHA received a letter from its staff council highlighting concerns and suggestions that violated the organisational hierarchy.
  • Rachel Nelson, the executive director, and Annemarie, the nursing director, had been working to address financial issues and improve accountability, productivity, and quality.
  • Some staff members resisted these changes, leading to conflicts and the letter sent to the board.

Problems and Causes

  • Rachel and Annemarie introduced changes without fully understanding the negative reactions from some staff members.
  • Senior nurses, accustomed to lenient supervision, resisted the new bureaucratic structure.
  • The introduction of a more complex documentation system increased paperwork, which nurses disliked.
  • The previous culture lacked criticism and penalties for poor performance, leading to job satisfaction among senior nurses.

The Case for Disgruntlement

  1. Unmet Expectations: The article discusses how management and organisational structure changes led to unmet expectations among the staff. This unmet expectation is a primary driver of disgruntlement.
  2. Conflict and Resistance: It describes the conflicts that arose due to staff resistance to the changes introduced by Rachel and Annemarie. This resistance manifests their disgruntlement with the new systems and management.
  3. Negative Perceptions: The article delves into how negative perceptions and mistrust developed between Annemarie and the senior nurses. These negative perceptions are rooted in their disgruntlement with each other’s actions and decisions.
  4. Recommendations for Resolution: The article proposes various solutions to address the disgruntlement, including replacing senior nurses and considering Annemarie’s termination. These recommendations directly relate to resolving the issue of disgruntlement among the staff.
  5. Conclusion on Communication: The article emphasises the importance of effective communication and understanding between managers and employees to overcome disgruntlement and improve organizational performance.

In Summary

The article’s specificity on disgruntlement lies in examining the various aspects, causes, and consequences of employee dissatisfaction and resistance within OHHA.

It explores how these factors contribute to the overall sense of disgruntlement within the organisation and provides recommendations for addressing this issue.

The question, then, is, why do some people become highly disgruntled or even vengeful? What makes some carry out malicious acts while others exposed to the same events and conditions do not act maliciously?

The transition from disgruntlement to vengeful behaviour is a complex process influenced by various individual and situational factors.

For example, just because two employees have a disagreement or passionate argument at work does not automatically assume they will come back and physically harm one another.

Most of us won’t react with violence, no matter how much injustice we may face. So, what differentiates us from those who do?

Let’s take a step backward to try and understand what we mean by unmet expectations.

Unmet Expectations

Unmet expectation is a situation whereby the individual feels disappointed because what they thought would occur didn’t happen, which can be best described in the following picture.

A precipitating event refers to a specific incident or situation that triggers a significant change or action, often with profound implications for employees and the organisation.

This event can range from a sudden economic downturn, a significant restructuring, a workplace accident, a leadership change, or any other occurrence that disrupts the usual course of business.

For employees, a precipitating event can catalyse change in their work environment, job roles, or expectations. Depending on how it impacts their circumstances (disposition), it can lead to various emotions, including uncertainty, anxiety, or even rage.

Employees often need to adapt, make critical decisions, or potentially face new challenges in response to such events, significantly affecting their job security, job satisfaction, and overall well-being.

For example, when new employees join a new organisation, they often come with expectations and anticipations.

These expectations can encompass a wide range of factors, such as job roles and responsibilities, workplace culture, compensation and benefits, opportunities for growth and development, work-life balance, and the overall experience within the organisation.

New employees typically expect clear communication about their job roles and responsibilities, a welcoming and inclusive workplace environment, fair and competitive compensation, opportunities for skill development and career advancement, and a healthy work-life balance.

On the other hand, organisations have their expectations when hiring new employees.

They anticipate that new hires will contribute effectively to the organisation’s goals and mission, follow business policies and procedures, work well with colleagues and teams, adapt to its culture, and demonstrate a commitment to success.

They also expect new employees to be proactive in their roles, show dedication and enthusiasm, and continuously seek ways to improve their skills and contribute positively to the workplace.

The alignment of these expectations from the new employees and the organisation is crucial for a successful and productive employment relationship.

What happens when expectations are not matched or fulfilled?

There is misalignment.

According to the Gallup State of the Global Workplace 2023 Report, only 23% of employees are engaged.

However, 59% of employees are referred to as “quiet quitters”, or what I call disengaged.

These employees are filling a seat and watching the clock. They put in the minimum effort required and are psychologically disconnected from their employer.  Although minimally productive, they are more likely to be stressed and burnt out than engaged workers because they feel lost and disconnected from their workplace. They are also likelier to make mistakes and not follow cybersecurity corporate policies.

A very worrying sign is that 18% of employees are called “loud quitters” or highly disengaged.

These employees take actions that directly harm the organisation, undercutting its goals and opposing its leaders. At some point, the trust between employee and employer was severely broken. Or the employee has been woefully mismatched to a role, causing constant crises.

Let’s take a further step backward to try and understand why humans behave the way they do by understanding their disposition.

Personal Disposition 

Refers to an individual’s inherent characteristics and traits that influence their behaviour, attitudes, and interactions with colleagues and the work environment. It includes aspects such as their temperament, personality traits, values, and emotional tendencies, which collectively shape their approach to work, teamwork, and decision-making within the organisation.

For example, individuals with low self-esteem or poor emotional regulation may be more prone to lash out vengefully when they feel wronged. Here are some examples of personal disposition found in insider cases:

  • Conflict with fellow workers
  • Bullying and intimidation of co-workers
  • Serious personality conflicts
  • Unprofessional behaviour
  • Inability to conform to rules
  • Difficulties controlling anger

Example: Off-duty Alaska Airlines Pilot Charged With Attempted Murder

What Happened?

An off-duty Alaska Airlines pilot has been charged with 83 counts of attempted murder after he allegedly tried to shut off a plane’s engines mid-flight.

He was riding as a standby employee passenger in the cockpit “jump seat” when the airborne altercation occurred.

After a brief scuffle inside the flight deck with the captain and first officer, the off-duty pilot ended up restrained by cabin crew members and was arrested in Portland, Oregon, where the flight was diverted and landed safely.

Behind the Scenes

Alaska Airlines reported no blemishes in the employment record of the charged pilot. The head of a California flying club he once belonged to said his alleged behaviour was completely at odds with the meticulous, mild-mannered family man he remembered him to be.

According to the affidavits, the charged pilot told police after his arrest that he was suffering a mental crisis during the incident and had struggled with depression for the past six months.

The court documents said he also told police that he had taken “magic mushrooms” for the first time, ingesting them about 48 hours before boarding the plane.

During the check-in or boarding process, employees did not observe any signs of impairment that would have led them to prevent the off-duty pilot from flying.

Depression is certainly a significant global health issue that affects millions of people.

Depression is a debilitating mental health condition characterised by persistent feelings of sadness, hopelessness, and a loss of interest in daily activities.

Depression was one of the reasons why a German Wings co-pilot deliberately crashed his Airbus A320, some 100 km north-west of Nice in the French Alps in 2015, killing all people on board.

Depression’s impact is substantial, both in terms of individual suffering and the broader societal and economic consequences.

Personal disposition can be broken into the following subcategories.

Perceived Injustice reflects the unfairness or injustice toward them that can fuel vengeful feelings. If someone believes they have been treated unfairly or suffered a significant injustice, they may be more likely to seek revenge to restore what they see as justice. For example:

  • Being passed over for promotion
  • Being passed over for a salary raise
  • Demotion
  • Being passed over for a project
  • Transfer to a different department
  • New supervisor hired
  • Access changed
  • Co-worker overriding decisions
  • Bonus lower than expected
  • Responsibilities changed 

Individual Difference means that different people have different levels of perceiving situations, whether good or bad. Some people have other ways to cope with unpleasant situations. Some individuals may have a predisposition towards aggression or a higher level of hostility, making them more likely to respond to disgruntlement with vengeful behaviour. Others may be naturally more resilient and better at managing their emotions. 

Trust Gap is the difference in how much employees and employers trust each other in their professional relationships regarding factors like confidence, transparency, and mutual reliance. A large trust gap increases the doubts and suspicions that may arise when employees feel their employer is not forthcoming, fair, or consistent in their actions, decision-making, and communication, potentially leading to decreased job satisfaction, motivation, loyalty and increasing criticism of management and business. 

Past Experiences refers to an event or events that have happened in the past but have shaped the person’s behaviour.

For example, someone who has had past issues with the following scenarios:

  • Had security violations
  • Harassment or conflict with co-workers
  • Difficulties controlling anger
  • Unprofessional behaviour
  • Bullying and intimidation
  • Intoxication
  • Personality conflicts
  • Arrested
  • Hacking
  • Misuse of organisation assets

Moral and Ethical Values refer to an individual’s personal values and moral compass that can encourage or discourage vengeful behaviour. Some individuals may prioritise forgiveness and conflict resolution, while others may prioritise retribution.

Opportunity and Risk refer to the universal law of pain and pleasure. If someone believes they can exact revenge without severe repercussions, they may be more inclined to do so. 

Social Support means the presence of a strong support network, such as

family and friends can provide the foundation to help discourage an individual from responding to grievances. At the same time, the lack of support can exacerbate the feeling of revenge as an acceptable or expected response to perceived slights or wrongdoings. In some cultures, retaliation may be seen as a better or even expected response to perceived slights or wrongdoings.

Financial Challenges frequently introduce workplace stressors. The ongoing concern of meeting financial obligations can prove distracting, hindering one’s ability to concentrate on job responsibilities. Additionally, financial instability can trigger personal problems that extend into the workplace, encompassing issues like interpersonal conflicts, disputes with supervisors, increased absenteeism and possible aggression.

Substance Abuse can be a significant danger to both them and the workplace. Substance abuse can impair their judgment and decision-making, leading to potential safety hazards and mistakes in tasks or responsibilities. Furthermore, it can result in absenteeism, tardiness, and decreased productivity, ultimately affecting the organisation’s overall efficiency. Interpersonal relationships may suffer due to erratic behaviour and conflicts with co-workers. It can jeopardise their well-being and endanger the stability and effectiveness of the workplace, making it a critical issue.

Tipping Point

After understanding why specific individuals become dissatisfied while others become profoundly disgruntled, despite identical circumstances or events, what factors might drive an employee to contemplate taking hostile actions against their organisation?

What is their tipping point?

Imagine that you were laid off from work. Would you seek justice and reprisal for the grievance?

Let’s take a look at the following actual case scenario that happened in Santa Clara.

Example: Shooting In Their Workplace

Hours after being laid off in November 2008, a product test engineer at a Santa Clara, CA, technology company returned to his former place of employment to clean out his desk.

While doing so, co-workers said he suddenly became agitated and entered the office of the company CEO.

Co-workers did not know the former employee had brought a 9 mm pistol to the office.

The next thing the workers heard was a rapid succession of gunshots. When the shots ended, the CEO, vice president of operations and the head of human resources were dead.

What made the test engineer take such extreme actions? What made this person dangerous?

Every person has a critical or turning moment when a situation or behaviour crosses a threshold, leading to a significant and often irreversible change.

Every person has a different tipping point.

Every person has a different recourse.

However, some employees may take a more negative course of action against their organisation when they feel extremely disillusioned, unsupported, or desperate due to unresolved issues or perceived mistreatment.

Several factors can contribute to this:

  1. Extreme Discontent: A prolonged period of discontent, frustration, or feeling ignored can push employees to consider more negative actions to vent their anger or seek retribution.
  2. Lack of Options: When employees believe they have exhausted all available options within the organization and still haven’t found a satisfactory resolution, they may turn to more negative actions as a last resort.
  3. Revenge or Retribution: In cases of severe grievances or perceived injustices, some employees may act out of a desire for revenge or to make the organization pay for what they perceive as wrongs committed against them.
  4. Personal Crisis: Personal crises, whether financial, emotional, or related to their work environment, can amplify an employee’s negative feelings and lead them to take extreme actions as a form of coping or out of desperation.
  5. Influence from Others: Negative actions can be influenced or encouraged by peers, colleagues, or external parties who may share similar grievances or have ulterior motives.
  6. Disregard for Consequences: Some employees may decide on negative actions when they believe the potential consequences, such as termination or legal issues, outweigh their perceived need to express grievances.
  7. Lack of Trust: If employees perceive that the organization lacks transparency, integrity, or a commitment to addressing their concerns, they may see negative actions as the only way to force attention to their issues

Think of the above points as pressure/stress points that gradually lead to a significant crisis.

Such a crisis can potentially propel the individual to prioritise seeking harm to others.

Revenge is a complex human behaviour that people seek for various reasons.

  1. Emotional Satisfaction: Revenge can provide a sense of emotional satisfaction or closure to someone who feels wronged. It allows them to feel like justice is served and that they’ve regained some control or power in a situation where they may have initially felt helpless.
  2. Deterrence: Seeking revenge can also serve as a deterrent. If someone believes that taking revenge will discourage others from harming them or their interests in the future, they may be more inclined to seek revenge.
  3. Restoration of Self-esteem: Revenge can help restore an individual’s self-esteem or self-worth. When someone is hurt or feels disrespected, seeking revenge can make them feel like they’ve regained their honour or self-respect.
  4. Psychological Closure: Some people use revenge to achieve psychological closure. They believe that by retaliating, they can put an end to the psychological distress or trauma caused by the initial harm.
  5. Social Validation: In some cases, revenge can be a way to gain social validation or support. When others acknowledge and support the avenger’s actions, it can provide a sense of belonging or group cohesion.

In the above example, the test engineer gained satisfaction by causing the ultimate pain to others, even though he knew that his actions would undoubtedly doom him for the rest of his life.

Takeaway 

Understanding tipping points is valuable for predicting or influencing human behaviour, as it helps identify when a situation is ripe for change or when a small action or event can have significant cascading effects.

It also underscores the idea that relatively minor factors sometimes trigger significant shifts in behaviour or outcomes.

Importantly, employees typically do not start their day with the intention of causing harm to their organisation.

Negative thoughts or actions toward their workplace usually develop over time, often due to various factors such as dissatisfaction, frustration, or perceived mistreatment.

These feelings can simmer beneath the surface, gradually intensifying until they reach a point where an employee may contemplate taking negative actions.

The key message here is that there is a window of opportunity for intervention.

Rather than solely focusing on punitive measures when employees exhibit signs of disgruntlement or dissatisfaction, organisations can take a more proactive and supportive approach.

By identifying these early warning signs and addressing the underlying issues, employers can help employees reorient their thinking and behaviour toward a more positive and constructive direction. This approach mitigates potential harm and fosters a healthier, more productive work environment.

Therefore, organisations must create a supportive, transparent, and respectful work environment, actively address employee concerns, and provide outlets for resolving disputes to prevent employees from feeling driven to such extreme actions.

Additionally, promoting mental health and well-being initiatives can help employees cope with stress and grievances in healthier ways.

Categories
News

International Fraud Awareness Week

International Fraud Awareness Week

Organisations worldwide lose an estimated 5% of their annual revenues to fraud, according to Occupational Fraud 2022: A Report to the Nations. Fraud takes many forms, including corporate fraud, consumer fraud, tax fraud, identity theft and many others.

The seriousness of the global fraud problem is why the Australian Institute of Insider Threats announced that it will be participating in International Fraud Awareness Week, Nov. 12-18, 2023, as an official supporter to promote anti-fraud awareness and education. The movement, known commonly as Fraud Week, champions the need to proactively fight fraud and help safeguard businesses and investments from the growing fraud problem.

Fraud is an issue that unfortunately affects people from all walks of life around the world, and it takes many forms. Whether it’s a trusted employee stealing from a small business or organised rings of fraudsters targeting seniors in our community, most people know someone who’s been victimised by fraud. That’s why it’s so important for organisations to join this fight to raise awareness during this week. It is a serious problem that requires a proactive approach toward preventing it, and educating people is the first step.”

Every November, hundreds of organisations worldwide pledge to increase fraud awareness in their workplaces and communities. You can find more by visiting the International Fraud Awareness Week.

Categories
News

Approximately 38% Of CSOs View Violence Against Employees In India As A Greater Internal Threat

Approximately 38% Of CSOs View Violence Against Employees In India As A Greater Internal Threat

The threat of insider fraud and violence against employees are anticipated to be greater security threats in India in the coming year than anywhere else in Asia Pacific.

According to the World Security Report published by G4S, hackers, protestors, and spies pose the most concern out of all threat actor groups for next year at 57%.

Link: https://ciso.economictimes.indiatimes.com/news/cybercrime-fraud/about-38-of-csos-view-violence-against-employees-in-india-as-a-greater-internal-threat/104315549

Categories
News

2023 Cost of Insider Risk Global Report

2023 Cost of Insider Risk Global Report

The upward trends associated with incident costs, frequency, and time to contain demonstrate that current approaches to insider risk are simply not working. In fact, the numbers clearly show we are going backwards.

If you don’t understand the risk, you will never understand the threat.

At a glance:

  • $16.2M USD is the average cost of an insider risk
  • 86 Days is the average number of days to contain an insider incident
  • 8.2% security budget spent on insider risk management

Click the link to download the 2023 Cost of Insider Risk Global Report: https://www.dtexsystems.com/resource-ponemon-insider-risks-global-report/

Categories
News

Insider Threat Awareness Month

Insider Threat Awareness Month

September 2023 is the fifth annual National Insider Threat Awareness Month, according to the National Counterintelligence and Security Centre.

What is Insider Threat Awareness?

Like cybersecurity awareness, insider threat awareness is the importance of being aware and vigilant when it comes to protecting sensitive organisation information from malicious insiders, account compromise attacks as well and accidental incidents.

What is an Insider?

An insider is anyone that has, or has had access to an organisation’s resources, facilities, information, network or systems.

What, Exactly, is an Insider Threat?

An Insider Threat is someone who has authorised access to an organisation’s assets that either intentionally or accidentally causes harm to those assets.

Whether it involves a disgruntled employee seeking retribution, a worker looking to profit over the sale of proprietary data, or simply someone accessing data for the sake of curiosity, insiders are as important a consideration as any external threat. An external attacker who compromises a user’s account is also considered an insider threat since that individual now has authorised access to that user’s accounts, data, and applications.

 

Resources:

1. 2023 Insider Threat: Vigilance Campaign – The 2023 Insider Threat Vigilance Campaign by the Centre for Development of Security Excellence (CDSE) provides regular messaging around insider threat awareness material that can help reinforce understanding – https://www.cdse.edu/Portals/124/Documents/jobaids/insider/INTVigilanceCampaign.pdf

2. National Insider Threat Awareness Month (NITAM) – https://securityawareness.usalearning.gov/cdse/nitam/index.html

3. Naked Insider has a vast library of articles, videos and books providing a wide array of education and awareness of the risk the trusted insiders can pose – www.nakedinsider.com

Categories
News

New York Knicks File Lawsuit Against Toronto Raptors for Alleged Theft of Scouting Reports

New York Knicks File Lawsuit Against Toronto Raptors for Alleged Theft of Scouting Reports

The New York Knicks sue the Toronto Raptors over claims of stolen materials used in scouting reports.

Even in the NBA, the largest basketball league in the US, cases of insider information misuse have arisen.

A lawsuit filed in Manhattan federal court alleges that Ikechukwu Azotam, a former employee of the New York Knicks across various departments, covertly forwarded confidential data to his personal Gmail account before sharing it with the Toronto Raptors, where he had accepted a position.

The Knicks contend that the Raptors utilised this proprietary information to support their newly appointed head coach, Darko Rajaković, in structuring coaching operations. Azotam, who had signed a confidentiality agreement, stands accused of breaching this agreement by disseminating sensitive materials.

The lawsuit names the Raptors organisation, Azotam, Rajaković, player development coach Noah Lewis, and other unnamed Raptors employees as defendants. The Knicks emphasise the significance of maintaining the confidentiality of these materials to preserve their competitive edge.

The lawsuit claims that the Raptors accessed approximately 3,000 files containing “film information and data” through the Knicks’ Synergy Sports Software, with over 2,000 accesses by 15th August.

Categories
News

Tesla Attributes Massive Employee Data Leak to “Insider Wrongdoing”

Tesla Attributes Massive Employee Data Leak to “Insider Wrongdoing”

Tesla's May data leak affecting over 75,000 workers is attributed to former employees, according to the automaker.

Data exposed in the breach was disclosed to German media outlet Handelsblatt, as stated by Tesla’s data privacy officer, Steven Elentukh, in a submission to the Maine attorney general’s office.

Handelsblatt informed Tesla that it had received sensitive information, including identifiable details like names, addresses, phone numbers, and social security numbers, as per Tesla’s submission dated 18th August.

At that time, Tesla identified the employees responsible for the leak, initiated legal action against them, and confiscated their devices, the company announced.

In the United States, companies are required to report data breaches of a certain magnitude to relevant authorities, with legal requirements varying from state to state.

This breach incident follows a Reuters report in April, which revealed that groups of Tesla employees privately shared customer information, including videos and images captured by car cameras, via internal messaging systems.