Security planners are racing to close gaps across networks and ICT infrastructure. But they have overlooked a Trojan horse already inside the gate, Attorney-General, George Brandis has warned. This Trojan horse is the trusted insider, an internal staff member with unprecedented access to intelligence as well as government and business information, Brandis warned delegates at a ‘Government in Security’ conference this week in Canberra. He said that a trusted insider with unmonitored access to information can cause considerable damage because “they know how things work.” Brandis added that classified material that filled a suitcase is now stored on a microchip no larger than his thumbnail. “The amount of classified information that we hold has grown exponentially,” he said. A trusted insider can source sensitive information through networked computers and copy and transfer this with ease. “That is why the two largest breaches of Western intelligence have occurred only recently,” he said. The stakes are getting higher, as demonstrated by the high-profile Edward Snowden and Bradley Manning incidents involving US intelligence and government, he said. “Bradley Manning copied thousands of classified documents while working as an intelligence analyst for the US Army. He leaked a quarter of a million diplomatic cables and half a million army reports to the website WikiLeaks.” Know your staff The common assumption is that sophisticated hacking or viruses are the biggest concerns, he said. “These are threats but the reality is that the most likely source of a breach, whether accidental or deliberate, is not a hacker. It’s not a person that puts malware into the system. The most likely source of a breach is one of your own staff.” To tackle insider risk, it is critical to continually vet and monitor staff’s suitability to access information, he said. “This should never be under-estimated.” With staff vetting arrangements, “it’s not enough to simply ‘tick and flick’ an application every few years.” He added that a trusted insider can only be thwarted by a robust security culture that is shared, observed and managed by everyone within an organisation. Among the remedies, the Attorney-General’s Department is sharing a new handbook ‘Managing the insider threat’, which details how to understand the insider threat. Related content brandpost Sponsored by Dell Technologies and Intel® Gen AI without the risks Demystifying generative AI: Practical tips for cost-effective deployment in your organization. By Andy Morris, Enterprise AI Strategy Lead at Intel Nov 27, 2023 6 mins Artificial Intelligence brandpost Sponsored by SAP Old age isn’t what is used to be: a versatile solution for a more independent breed of seniors An award-winning company from Down Under gives today’s seniors the power to access the services they need while keeping control of their own destinies and preserving their independence. By Michael Kure, SAP Contributor Nov 27, 2023 4 mins Digital Transformation news COP28: CIO’s vision for a sustainable future By Andrea Benito Nov 27, 2023 3 mins feature 10 things keeping IT leaders up at night The CIO’s rise to prominence has led to a wider array of high-profile responsibilities that — when coupled with the ever-increasing pace of technology and business change — bring more stress to the role than ever before. By Mary K. Pratt Nov 27, 2023 12 mins IT Strategy IT Leadership Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe