Type your search and hit enter
Trusted insider a security threat, warns Brandis

Trusted insider a security threat, warns Brandis

Federal Attorney-George Brandis warns the trusted insider is a security planner’s achilles heel and poses the biggest risk

Security planners are racing to close gaps across networks and ICT infrastructure. But they have overlooked a Trojan horse already inside the gate, Attorney-General, George Brandis has warned.

This Trojan horse is the trusted insider, an internal staff member with unprecedented access to intelligence as well as government and business information, Brandis warned delegates at a 'Government in Security' conference this week in Canberra.

He said that a trusted insider with unmonitored access to information can cause considerable damage because "they know how things work."

Brandis added that classified material that filled a suitcase is now stored on a microchip no larger than his thumbnail.

"The amount of classified information that we hold has grown exponentially,” he said.

A trusted insider can source sensitive information through networked computers and copy and transfer this with ease.

“That is why the two largest breaches of Western intelligence have occurred only recently,” he said.

The stakes are getting higher, as demonstrated by the high-profile Edward Snowden and Bradley Manning incidents involving US intelligence and government, he said.

“Bradley Manning copied thousands of classified documents while working as an intelligence analyst for the US Army. He leaked a quarter of a million diplomatic cables and half a million army reports to the website WikiLeaks.”

Read more: 16.5k malware infections reported daily in Australia

Know your staff

The common assumption is that sophisticated hacking or viruses are the biggest concerns, he said.

“These are threats but the reality is that the most likely source of a breach, whether accidental or deliberate, is not a hacker. It’s not a person that puts malware into the system. The most likely source of a breach is one of your own staff.”

To tackle insider risk, it is critical to continually vet and monitor staff’s suitability to access information, he said. “This should never be under-estimated.”

Read more: 6 IT Security Innovations to Keep You Ahead of Attackers

With staff vetting arrangements, “it’s not enough to simply ‘tick and flick’ an application every few years.”

He added that a trusted insider can only be thwarted by a robust security culture that is shared, observed and managed by everyone within an organisation.

Among the remedies, the Attorney-General’s Department is sharing a new handbook 'Managing the insider threat', which details how to understand the insider threat.

Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags information securitymalwareIT Securityvirusesgovernment securityBradley Manningcyber-securityAttorney-George BrandisTrohan horseEdward Snowdon

More about Attorney-GeneralUS Army

Show Comments