Insiders on the outside

defending-against-insider-threat-landingPageImage-w-67Homeland Security Magazine has a very interesting case study on an insider threat case involving DirecTV.  In this case, the insider was a sort-of third order insider, as they worked for the document management contractor of DirecTV’s law firm.

A few lessons for us infosec professionals from this:

First:  The definition of insiders expands as businesses continue to outsource functions which used to be done in house.

Second: Vendor Risk Management programs need to pay special attention to law firms.  These guys are like companies’ confessors; we tell them all of our deepest secrets and rely on them to keep things secret.

Third:  Trust no one.

Leave a Reply