When the threat comes from inside
By Anna Borgström, NetClean CEO
The other week, I was part of a very interesting panel discussion hosted by Arrow together with IBM, VMware and Truesec. The session was the first event in the Arrows Cybercrime series. We talked about cyber threats and how companies can build resilience and strengthen their security posture. Carolina Angelis from Truesec had an interesting keynote on the topic “When the threat comes from inside”.
According to IBM, current employees, former employees, contractors, business partners, or business associates are all insiders that could pose a threat to the company. However, any person with the right level of access to a company’s computer systems and data can harm an organization, including suppliers or vendors.
Insider threats and attacks are becoming a burning issue for organizations globally, as a single act of an employee could cost a fortune for the company’s security. Inside threats come from mainly three sources:
- Compromised users
- Malicious users
- Careless users
The compromised user – an easy target
And it was clear to me that the first, the compromised user, who is an employee that has been compromised by an outsider, could be a person that has a sexual interest in children and use their company IT equipment to consume child sexual abuse material.
If an outsider finds out that an employee has an interest in child sexual abuse material and maybe also sexually abuses children, the outsider can use that information to get what they want. The better we are at protecting our companies from external threats, the higher the risk of outsiders exploiting employees.
It can be anyone
When it comes to child sexual abuse offenders there is a belief that it is possible to identify who is and who isn’t a perpetrator. But it could be anyone. A person with a sexual interest in children could be your neighbor, your friend, and yes, it can be your coworker or your boss.
Before the internet, someone with a sexual interest in children felt isolated, aberrant, and alone. Today, he is part of a global community. He interacts online and worldwide with people with similar interests. They share images, fantasies, techniques and even real children. And they do it all with virtual anonymity. Most people that are investigated for possession of child sexual abuse material have employment and 1 in 500 are using a company computer to consume the material.
Behind the statistics
I often get questions about the statistics we present, and I do believe that numbers are an important aspect of understanding the issue of child sexual abuse. However, they sometimes tend to overshadow the actual problem and draw attention from what is really happening and what is important.
Child Rescue Coalition, a nonprofit organization that builds technology for law enforcement, saw in their latest report that the most shared child abuse file had been seen linked with over 2.5 million unique IP addresses. The report also revealed offenders typically have between 50 and 150 victims over the course of their lifetimes – and that 90% of children who suffered sexual abuse were violated by someone known to the family.
Carolina spoke in her keynote about an employee that was caught with 25 000 child sexual abuse images on his work computer. The person was at the time working in a government agency in Sweden acting under the Ministry of Defense. By following the trail of the detected images on the work computer, law enforcement could later identify and safeguard the man’s stepdaughter who was sexually abused and depicted in the material. Given the sensitive nature of this man’s work, he could have been an easy target for an outsider.
The impact of this crime can hardly be exaggerated and by using NetClean’s products companies can easily build their resilience and strengthen their security posture while reducing real-world harm to children.
Others also read
Over the past year, we’ve transformed NetClean completely. We’re taking the company from the start-up phase to the scale-up phase and finally, we’re in the process of expanding.
NetClean, the fast-growing Swedish software company that provides products to detect and block Child Sexual Abuse Material (CSAM) in corporate IT environments, further strengthens its leadership team.
Insider threats are becoming a burning issue for organizations globally, as a single act of an employee could cost a fortune for the company’s security. Employees with a sexual interest in children are posing a great risk for any company.
Is certain misuse of company assets perceived as less risk to the IT security due to the nature of the crime? Are they being overlooked simply because they are considered to be “soft crimes”?