Et Tu, Brute? When Trusted Insiders Betray

As history buffs and Shakespeare fans know, the Roman dictator Julius Caesar had much to fear from his colleagues during the Ides of March. Caesar’s power grabs and dictatorship had alienated many, even those he thought were allies. On 15 March, 44 BC, Caesar was assassinated in the Senate chamber by a group of senators, including his dear friend Marcus Brutus. Upon seeing Brutus among the assassins, Caesar supposedly uttered the famous words “Et tu, Brute?”, a Latin phrase meaning “Even you, Brutus?”, and resigned himself to his fate. The words have lived on and come to represent the ultimate betrayal by the most unexpected source, such as a trusted partner or family member.

In the 21st century, most betrayals aren’t so violent, but many are still profoundly damaging. The press archives are littered with stories of people and institutions betrayed by trusted colleagues, including the most innocuous-looking worker bees. The trust that organizations place in their workforce can leave them vulnerable to malicious employees, who often use clever methods to hide their illicit activities. Whether through corporate espionage, embezzlement, data theft, or just plain old double-crossing, the trusted insider may have the power (and often the will) to bring an organization to the brink of disaster. The infamous NSA data leaks and various well-publicized thefts of corporate resources (including intellectual property, customer lists, or money) have prompted executives to consider how best to protect their crown jewels from malicious insiders. They also want to know how to ferret out potential problem employees before they have an opportunity to cause harm.

First Step to Protecting Against Insider Threats

A good first step is to improve your understanding of the problem, then develop a multi-prong approach to combating insider threats. There’s plenty of resources available to help, including the “Common Sense Guide to Mitigating Insider Threats”, a technical report produced by Carnegie Mellon University with funding from the U.S. Department of Homeland Security. Recognizing that insider threats have multiple causes, the guide describes 19 practices that organizations should implement across the enterprise to prevent and detect insider threats.

The recommended practices include practical IT security tips such as:

and also legal and HR policies such as:

  • Implementing background checks
  • Implementing employee termination procedures
  • Conducting security training
  • Managing negative issues in the work environment
  • Monitoring suspicious behavior

Restrict Privileged Access

Another common-sense recommendation for preventing security breaches is to restrict privileged access to as few people as possible and keep watch over those who do. Too often, organizations give employees more access to systems and data than they really need to do their jobs. They also fail to monitor or disable accounts for third-party contractors when their work is done, or delete access privileges for ex-employees. Finally, some firms don’t effectively monitor and audit IT administrators, including service providers, to ensure they aren’t abusing their powers. As the old axiom says “Trust, but verify.”

Keeping honest employees honest and routing out those who aren’t requires a combination of tools and activities, including risk assessments, clearly understood and enforced policies and procedures, stringent privileged access controls, and insider threat awareness. While no one is advocating rifling through employees’ in-boxes looking for signs of malfeasance, it is prudent (and often a compliance requirement) to implement IT security solutions that log, monitor, and audit employee actions. That way, unlike Caesar, you can identify and address security threats before they cause your undoing.

More from Identity & Access

Another category? Why we need ITDR

5 min read - Technologists are understandably suffering from category fatigue. This fatigue can be more pronounced within security than in any other sub-sector of IT. Do the use cases and risks of today warrant identity threat detection and response (ITDR)? To address this question, we work backwards from the vulnerabilities, threats, misconfigurations and attacks that IDTR specializes in providing visibility into. As identity threat detection and response (ITDR) technology evolves, one of the most common queries we get is: “Why do we need…

Access control is going mobile — Is this the way forward?

2 min read - Last year, the highest volume of cyberattacks (30%) started in the same way: a cyber criminal using valid credentials to gain access. Even more concerning, the X-Force Threat Intelligence Index 2024 found that this method of attack increased by 71% from 2022. Researchers also discovered a 266% increase in infostealers to obtain credentials to use in an attack. Family members of privileged users are also sometimes victims.“These shifts suggest that threat actors have revalued credentials as a reliable and preferred…

Passwords, passkeys and familiarity bias

5 min read - As passkey (passwordless authentication) adoption proceeds, misconceptions abound. There appears to be a widespread impression that passkeys may be more convenient and less secure than passwords. The reality is that they are both more secure and more convenient — possibly a first in cybersecurity.Most of us could be forgiven for not realizing passwordless authentication is more secure than passwords. Thinking back to the first couple of use cases I was exposed to — a phone operating system (OS) and a…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today