Over the last month a lot of my time has been spent focusing on security as I design a security framework and strategy for a customer. One comment I hear often is “we don’t need to worry about internal security threats” or “internal security threats are minor and represent a low priority”. I couldn’t disagree more and have been repeatedly emphasizing the importance of protecting ones assets from internal attacks, which for some companies is a greater threat.
Yesterday’s report of an AOL software engineer being arrested for stealing 92 million customer screen names proves my point. Some people will do crazy things when offered enough money. And companies that believe “it won’t happen here” or “our employees would never do such a thing” are fooling themselves. Why risk it? Invest in reducing security threats, both external and internal.
Posted in uncategorized. Tagged in .