In-depth articles on identifying, preventing, and responding to insider threats from employees, contractors, and trusted partners. Topics include behavioral indicators, monitoring tools, incident response protocols, and building policies that mitigate both malicious and accidental insider risks.
posts
In 2022, a single employee at Uber received a flood of multi-factor authentication push notifications, got frustrated, and approved one. That decision gave a teenage threat actor access to Uber's internal systems, Slack, and cloud infrastructure. An acceptable use policy cybersecurity framework — one that specifically addressed MFA fatigue
The Policy Nobody Reads Until It's Too Late In December 2020, a SolarWinds employee reportedly used the password "solarwinds123" on a critical server — a credential so weak it became a punchline at Congressional hearings. But here's the question nobody asked loudly enough: did SolarWinds
A Parking Lot Full of Malware In 2016, researchers at the University of Illinois dropped 297 USB drives across a campus. Nearly 48% were picked up and plugged into a computer. Some were plugged in within six minutes of being dropped. That study still haunts me because the fundamental behavior
The Sticky Note That Cost a Hospital $1.2 Million A few years ago, I walked into a client's office for a security assessment and found a sticky note on a monitor in the billing department. It had a username, a password, and the name of their patient
The Unlocked Filing Cabinet That Cost a Hospital $3 Million In 2019, the Office for Civil Rights fined Bayfront Health St. Petersburg $85,000 for a breach involving paper records left in an unsecured location. That was a small settlement. I've seen organizations lose far more when a
