Tag

Insider Threats

Content tagged here examines threats originating from within an organization, including malicious employees, negligent staff, and compromised credentials. Topics cover behavioral indicators, monitoring tools, data loss prevention, insider threat programs, and organizational policies designed to detect and mitigate risks from trusted individuals.

posts

Clean Desk Policy

Clean Desk Policy Cybersecurity: Your Cheapest Defense

In 2023, a healthcare organization in the Midwest lost over 2,000 patient records — not because a hacker exploited a zero-day vulnerability, but because an employee left printed patient lists on their desk over the weekend. A cleaning contractor photographed them. That's it. No malware, no phishing email,

Carl B. Johnson Apr 20, 2025 7 min read
Insider Threats

How to Prevent Insider Threats: A Practical Guide

In January 2023, a former Tesla employee leaked the personal information of over 75,000 people — names, Social Security numbers, financial records — to a foreign news outlet. Tesla confirmed the breach wasn't caused by a sophisticated threat actor or a zero-day exploit. It was an insider. If you&

Carl B. Johnson Dec 09, 2023 7 min read
Insider Threats

Malicious Insider vs Negligent Insider: The Real Threat

Two Employees, Two Paths to a Breach In May 2023, Tesla disclosed that two former employees had leaked the personal data of over 75,000 workers — including Social Security numbers and financial records — to a German news outlet. That wasn't a sophisticated nation-state hack. It was insiders walking

Carl B. Johnson Dec 09, 2023 7 min read
Shadow IT Risks

Shadow IT Risks: The Hidden Threat Draining Your Budget

The App Your Marketing Team Installed Last Tuesday Could Cost You Millions In 2022, a mid-size healthcare company discovered that an employee had been syncing patient records to a personal Dropbox account for three years. No malicious intent — they just wanted to work from home more easily. The resulting HIPAA

Carl B. Johnson Nov 03, 2023 7 min read
Tailgating Attack

Tailgating Attack Cybersecurity: Stop the Walk-In Threat

In 2019, a man wearing a reflective vest and carrying a clipboard walked into a secure data center in Atlanta, unplugged a server, tucked it under his arm, and walked right back out the front door. Nobody stopped him. Nobody questioned him. A $2.5 million client database left the

Carl B. Johnson Sep 18, 2023 7 min read
Insider Threats

How to Prevent Insider Threats: A Practical Guide

In December 2020, a former Cisco employee pleaded guilty to accessing the company's cloud infrastructure and deleting 456 virtual machines, wiping out 16,000 Webex Teams accounts. He'd left the company months earlier. His credentials still worked. That single insider incident cost Cisco roughly $2.4

Carl B. Johnson Jan 15, 2022 6 min read
Insider Threats

Malicious Insider vs Negligent Insider: Real Threats

One Cost the Company $3.4 Billion. The Other Just Forgot to Lock the Door. In 2020, a former Ubiquiti employee launched a devastating attack against his own employer — stealing proprietary data, attempting extortion, and then posing as a whistleblower to tank the company's stock. That's

Carl B. Johnson Jan 15, 2022 7 min read