Insider threat reporting by the numbers

I don’t normally take security advice from goats, but I think I need to make an exception for Red Goats. A recent report on insider threats from Red Goat Cyber Security made for fascinating and actionable reading.

The report is based on a study of 1100+ professionals in multiple companies, industries and countries and focuses on when and how employees would (or would not) report suspicious insider activity.

Unsurprisingly, respondents were much more likely to rat out new employees and contractors than others. Also unsurprising was that reporting suspicious activity of senior personnel was negligible. One surprising tidbit was that employees are more likely to report suspicions about co workers that they consider friends.

Employees also expressed frustration that their companies provide little guidance or training on what kinds of behavior should be reported or where to report it to. Most employees felt more comfortable reporting potential issues to Human Resources rather than Security. I guess we’re a bit scary.

My takeaways from this were:

1. We need to be more specific than “if your colleague is acting suspiciously, report it.” We need to describe what kinds of behavior are suspicious.

2. We need to give employees clear instructions as to how and where to report suspicious activities. If HR is going to be the gatekeeper, they need to understand how to deal with and escalate reports quickly and confidentially.

3. Since employees tend not to report suspicious behavior, having technical and procedural controls to detect and flag such behavior is really important.

Don’t take my word for it though – this report is interesting reading and worth sharing with your HR department. Insiders are the most dangerous threat actors since they already have access and persistence – but they are also the most likely to be overlooked. So, listen to the goat…

*** This is a Security Bloggers Network syndicated blog from Al Berg's Paranoid Prose authored by Al Berg. Read the original post at:

Recent Posts

Menlo Security Protects Organizations from Iranian Retaliation

As warfare extends to cyberspace, U.S.-based organizations can use email and web isolation to protect users from common tactics used…

1 hour ago

IT Security: Detection Doesn’t Equal Protection

For too long, the sole emphasis of security vendors in the cybersecurity industry has been on detection. Once the attack…

2 hours ago

Low-Intensity Conflict: Cyber, Iran’s Next Move

Iran's next move could be one of low-intensity conflict that could have a big impact on our cyber infrastructures The…

3 hours ago

Update Your Browser to Support TLS 1.2 and WPA2-Enterprise

Organizations should be aware of an important update to TLS. TLS 1.2 is the most recent update that builds on…

9 hours ago

How dormakaba maintains email security through acquisition after acquisition

Mergers and acquisitions (M&A) can stimulate growth, provide opportunities to obtain a competitive advantage, increase market share, and even consolidate…

11 hours ago

Misconfigurations Can Happen to Anyone, Even Microsoft

Over the last 44 years, Microsoft has become a trusted name in technology. Their logo, a familiar and colorful quartet…

11 hours ago