Welcome to my inaugural Insider Threat Prevention blog. A few years ago, I had a website that got 80,000 hits a day. This is pretty good for an amateur. It was purely accidental. I wrote about the "Elephant in the Room". Apparently, it hit a nerve and went viral. Someone at Google told us that it was the top ranked site in the world for its category. I really don't know if that was true, but I received a lot of requests from everywhere for free stuff.
A good thing about enjoying a long career is that you become a participatory witness to history as it unfolds. You actually get a chance to learn a few important lessons about how much you don't know, how fickle life can be, how much serendipity plays a role in outcomes, how important connections are, and how to discern the laws of the universe. For one thing, you discover that Newkirk's Law 37 is quite true: We forever know a lot less than we don't know. Or, human intelligence is finite but human ignorance is infinite. No matter how much I know, there is always more I don't know. This is worth remembering, especially if you are just starting out on the road to greatness.
Let me give you an example. Way back, way, way back in the early 1980's, I told an audience in London that the criminals will destroy the Internet. Everyone thought I was daft (British for crazy). I still remember their responses. Most people replied: "What's the Internet?" Others warned me: "You must be crazy! No one cares about the Internet. Everything is free; there is no money in it. It is just a curiosity." I was the best "Thought Leader" in the world no one ever heard of.
Returning to the present, I wish they were right. Unfortunately, 26% or more of companies who suffer from a "Denial of Service" (DDoS) cyber terror attack never recover. Let me spell it out: This means that more than 1 in 4 businesses under DDOS attack disappear because of malicious cyber criminals. Cyber criminals enjoy about a five to seven day advantage over our cyber protectors. We are always in the catch-up mode of Detection.
Two trillion is a big number. It has 12 zeros. You cannot count to two trillion going one digit at a time. Think about it: Counting two trillion seconds one at a time will consume 63,419.58396752917 years. Computers are faster. Our best supercomputer can do 2,000,000 trillion calculations per second. The human brain does 39 thousand-trillion operations per second. This is not bad but it will not win the Intellectual Olympics of the Cosmos.
So $2 trillion is a lot of money, right? This was the estimated amount of money the U.S.A. would lose to Cyber crime in 2018. Hear that, $2 trillion. When you correct for dishonesty, the 2018 number was far greater. This is a lot of lost jobs, lost productivity, and poor competitiveness. How much have we spent on the “War on Terror” over the last 17 years? Would you believe it is about $5.5 trillion? This is for 17 years of global effort. Now do the math, $2 trillion + in a single year lost to Cyber Crime, and counting. America, we have a problem. The criminals are still out front, not as far as they once were, but still out front.
Now think about this: Anywhere from 30% to 70% of all cyber-attacks come from company insiders. Imagine that, a company’s own employee working against it. Why not? An insider attack is simply an extension of internal conflict, a perennial problem of workplace relationships. Rather than hitting a colleague over the head with a chair, someone brings in a thumb drive, steals a password from an unsuspecting friend, downloads a folder of very valuable I.P. and sells it to a temporary contractor, malicious competitor, or external agent. Conflict has created an Insider Threat.
We need to take Insider Threats more seriously than we do. They are defeating us. Insider Threat is the Cyber-Elephant in the room.
Think about it.
Una vita e non basta.