Delivers actionable strategies and best practices for preventing insider threats across organizations of all sizes. Articles cover access controls, employee vetting, security culture development, continuous monitoring, incident response planning, and policy frameworks designed to stop threats from within.
posts
In May 2022, a Yahoo research scientist named Qian Sang downloaded roughly 570,000 pages of proprietary source code to his personal devices — minutes after receiving a job offer from a competitor. Yahoo's internal systems flagged it, but only after the data had already left. That incident is
In January 2023, a former Tesla employee leaked the personal information of over 75,000 people — names, Social Security numbers, financial records — to a foreign news outlet. Tesla confirmed the breach wasn't caused by a sophisticated threat actor or a zero-day exploit. It was an insider. If you&
In December 2020, a former Cisco employee pleaded guilty to accessing the company's cloud infrastructure and deleting 456 virtual machines, wiping out 16,000 Webex Teams accounts. He'd left the company months earlier. His credentials still worked. That single insider incident cost Cisco roughly $2.4
In July 2020, a 17-year-old in Florida convinced a Twitter employee to hand over internal tool credentials. Within hours, threat actors had hijacked high-profile accounts — Barack Obama, Elon Musk, Apple — and ran a Bitcoin scam that netted over $100,000. The breach didn't start with a zero-day exploit
In 2022, a former employee at Cash App's parent company, Block Inc., downloaded reports containing the personal information of over 8 million customers — months after they'd left the company. The access was never revoked. No alarm was triggered. The breach wasn't discovered until the
