Inspired by McDaniel Wicker‘s article named PERSPECTIVE: A Better Way to Counter Insider Threats posted October 14th 2022
The sword of Damocles – Where is the threat coming from?
Contrary to popular belief, the most significant threats are often internal rather than external. They can sometimes be involuntary, due to lack of knowledge or negligence and there are those which are, whether we like it or not, voluntary. Hence the famous phrase of Francis de Sale “là où il y a de l’homme, il y a de l’hommerie” which more or less translates to “where there is humanity, there is inhumanity”. That said, this conclusion should make us deliberate and encourage us to rethink our strategy in order to counter them because when an attack occurs, the effects are often harmful, causing reputational damage and costly in terms of loss and fixing costs.
Why rethink our way of doing things?
Traditional investigative methods of criminal and credit background checks remain relevant. However, to trust the honesty and reliability of an individual based simply on these results could be a mistake. This should only be a starting point rather than a conclusion. With the exponential growth of PAI (publicly available information), it is now imperative to combine the traditional approach with OSINT (Open Source Intelligence) investigation techniques in order to counter both internal and external attacks.
“ It’s All About the “Why” Insider threats are real and ever-present. It is incumbent on leaders to appropriately address the risks posed by those within their organizations…. A new process that fully leverages the capabilities of PAI and AI/ML is necessary to effectively combat the dangers of insider threat. ” McDaniel Wicker
How to rethink our way of doing things?
Valuable information can be found on social media platforms, news sites, public archives, blogs, chat rooms, the dark web, etc. Advanced OSINT forensic tools modeling topics and link analysis assist investigators by filtering information and highlighting the critical ones. It might be tempting to go it alone and do this research yourself. On the other hand, it is much more judicious to seek assistance in order to avoid dispersing oneself, mismanaging the information obtained, or worse, increasing the risks by improvising as an analyst.