Et Tu, Brute? When Trusted Insiders Betray

As history buffs and Shakespeare fans know, the Roman dictator Julius Caesar had much to fear from his colleagues during the Ides of March. Caesar’s power grabs and dictatorship had alienated many, even those he thought were allies. On 15 March, 44 BC, Caesar was assassinated in the Senate chamber by a group of senators, including his dear friend Marcus Brutus. Upon seeing Brutus among the assassins, Caesar supposedly uttered the famous words “Et tu, Brute?”, a Latin phrase meaning “Even you, Brutus?”, and resigned himself to his fate. The words have lived on and come to represent the ultimate betrayal by the most unexpected source, such as a trusted partner or family member.

In the 21st century, most betrayals aren’t so violent, but many are still profoundly damaging. The press archives are littered with stories of people and institutions betrayed by trusted colleagues, including the most innocuous-looking worker bees. The trust that organizations place in their workforce can leave them vulnerable to malicious employees, who often use clever methods to hide their illicit activities. Whether through corporate espionage, embezzlement, data theft, or just plain old double-crossing, the trusted insider may have the power (and often the will) to bring an organization to the brink of disaster. The infamous NSA data leaks and various well-publicized thefts of corporate resources (including intellectual property, customer lists, or money) have prompted executives to consider how best to protect their crown jewels from malicious insiders. They also want to know how to ferret out potential problem employees before they have an opportunity to cause harm.

First Step to Protecting Against Insider Threats

A good first step is to improve your understanding of the problem, then develop a multi-prong approach to combating insider threats. There’s plenty of resources available to help, including the “Common Sense Guide to Mitigating Insider Threats”, a technical report produced by Carnegie Mellon University with funding from the U.S. Department of Homeland Security. Recognizing that insider threats have multiple causes, the guide describes 19 practices that organizations should implement across the enterprise to prevent and detect insider threats.

The recommended practices include practical IT security tips such as:

and also legal and HR policies such as:

  • Implementing background checks
  • Implementing employee termination procedures
  • Conducting security training
  • Managing negative issues in the work environment
  • Monitoring suspicious behavior

Restrict Privileged Access

Another common-sense recommendation for preventing security breaches is to restrict privileged access to as few people as possible and keep watch over those who do. Too often, organizations give employees more access to systems and data than they really need to do their jobs. They also fail to monitor or disable accounts for third-party contractors when their work is done, or delete access privileges for ex-employees. Finally, some firms don’t effectively monitor and audit IT administrators, including service providers, to ensure they aren’t abusing their powers. As the old axiom says “Trust, but verify.”

Keeping honest employees honest and routing out those who aren’t requires a combination of tools and activities, including risk assessments, clearly understood and enforced policies and procedures, stringent privileged access controls, and insider threat awareness. While no one is advocating rifling through employees’ in-boxes looking for signs of malfeasance, it is prudent (and often a compliance requirement) to implement IT security solutions that log, monitor, and audit employee actions. That way, unlike Caesar, you can identify and address security threats before they cause your undoing.

More from Identity & Access

Kronos Malware Reemerges with Increased Functionality

The Evolution of Kronos Malware The Kronos malware is believed to have originated from the leaked source code of the Zeus malware, which was sold on the Russian underground in 2011. Kronos continued to evolve and a new variant of Kronos emerged in 2014 and was reportedly sold on the darknet for approximately $7,000. Kronos is typically used to download other malware and has historically been used by threat actors to deliver different types of malware to victims. After remaining…

An IBM Hacker Breaks Down High-Profile Attacks

On September 19, 2022, an 18-year-old cyberattacker known as "teapotuberhacker" (aka TeaPot) allegedly breached the Slack messages of game developer Rockstar Games. Using this access, they pilfered over 90 videos of the upcoming Grand Theft Auto VI game. They then posted those videos on the fan website Gamers got an unsanctioned sneak peek of game footage, characters, plot points and other critical details. It was a game developer's worst nightmare. In addition, the malicious actor claimed responsibility for a…

What is the Future of Password Managers?

In November 2022, LastPass had its second security breach in four months. Although company CEO Karim Toubba assured customers they had nothing to worry about, the incident didn’t inspire confidence in the world’s leading password manager application. Password managers have one vital job: keep your sensitive login credentials secret, so your accounts remain secure. When hackers compromise these software applications, the entire industry of identity and access management (IAM) takes notice. As an alliance of tech giants leads a global push…

Beware of What Is Lurking in the Shadows of Your IT

This post was written with contributions from Joseph Lozowski. Comprehensive incident preparedness requires building out and testing response plans that consider the possibility that threats will bypass all security protections. An example of a threat vector that can bypass security protections is “shadow IT” and it is one that organizations must prepare for. Shadow IT is the use of any hardware or software operating within an enterprise without the knowledge or permission of IT or Security. IBM Security X-Force responds…