Return of the Guru

Data Loss Often Due to People Who Just Don’t Care

Ara Trembly
Insurance Experts' Forum, May 18, 2011

I read with great interest a recent posting on CSO concerning what they called the “three types of insider threat” to organizations, enterprises and systems. With data and confidential information at the heart of the insurance enterprise, such threats must obviously be addressed.

The piece identifies these three types of workers as the “trusted unwitting insider,” the “trusted witting insider” and the “untrusted insider.” The first case is a person who, through some lapse in judgment, allows access to sensitive information (e.g., finding a thumb drive and plugging it into the company’s systems to see what it is), but certainly wouldn’t cause a problem purposely.

The “trusted witting insider” is a common thief—someone who purposely acts to steal information and probably sell it to the highest bidder, the article notes. The “untrusted insider,” then, is someone who illegally gains access to the network via malware or other attack methods and gains privileges that can lead to havoc for the company whose systems are breached.

Certainly, all of these individuals present a danger to organizations like insurance companies that traffic in sensitive data, yet I would suggest there is another type of dangerous “insider” that is just as troublesome, and perhaps more difficult to detect. I would call this person the “trusted selfish insider.”

Like the “trusted unwitting insider,” the “trusted selfish insider” isn’t necessarily out to sell confidential information to a competitor or to the black market. On the other hand, the selfish employee really doesn’t care if information does happen to leak out due to some activity of his or hers. This individual has a strong set of priorities, and they begin and end with himself or herself.

For example, one of the most vulnerable places one can go in terms of security is any of the popular social networking sites. With half a billion people having Facebook accounts alone, this is obviously a significant problem, especially if one accesses such an account from inside a corporate network. The selfish employee may fully realize that Facebooking or Twittering from inside the corporate firewall is dangerous, but that is not a concern. All this employee really thinks about is telling everyone about the pearls of wisdom pouring forth from his or her allegedly superior brain every few minutes. If some hacker happens to jump in and become an “untrusted insider,” well that’s just too bad. The company should have safeguards to prevent that from happening.

The irony is that every company does have a safeguard to prevent this from happening. That safeguard is a set of policies for Internet access and a set of employees who respect and value their places of business enough to follow those policies. Many organizations lack a sensible policy, and that is a shame, but a correctable one. On the other hand, lots of social media acolytes are only too happy to try and bypass their companies’ policies in order to satisfy their insatiable lust for attention.

That problem is much harder to solve. If you are fortunate enough to be able to identify a “trusted selfish insider,” however, you would be wise to move such an individual into the “untrusted” category.

Ara C. Trembly (www.aratremblytechnology.com) is the founder of Ara Trembly, The Tech Consultant, and a longtime observer of technology in insurance and financial services.

Readers are encouraged to respond to Ara using the “Add Your Comments” box below. He can also be reached at ara@aratremblytechnology.com.

This blog was exclusively written for Insurance Networking News. It may not be reposted or reused without permission from Insurance Networking News.

The opinions of bloggers on www.insurancenetworking.com do not necessarily reflect those of Insurance Networking News.
