A Perspective On National Insider Threat Awareness Month

This is National Insider Threat Awareness Month. Here’s what this is about:

First held in 2019, NITAM is an annual, month-long campaign during September that brings together thousands of U.S. security professionals and policy makers from government and industry, located in 25 countries around the globe, to educate government and industry about the risks posed by insider threats and the role of insider threat programs.

Craig Birch, Principal Technologist for Cayosoft has this perspective:

As we observe National Insider Threat Awareness Month, it’s crucial to recognize that insider threats extend far beyond malicious actors within our organizations. A significant and often overlooked category of insider risk emerges from the very people tasked with protecting our systems: IT administrators whose everyday actions can unintentionally create serious security and operational vulnerabilities.

There’s a real issue related to privileged group membership changes. Every day, administrative actions can unintentionally create serious security and operational risks. For example, an IT admin might temporarily disable multi-factor authentication (MFA) for a user under pressure to complete a critical task.

If that exclusion is forgotten, the account becomes a weak point, vulnerable to phishing and potentially granting attackers access to sensitive applications. While not malicious in intent, these everyday admin changes are a form of insider-driven risk, arising not from attackers, but from human error, pressure, or incomplete understanding of the impact of a configuration change.

Similarly, small configuration changes in tools like Intune can have wide-ranging effects. Accidentally disabling encryption, for instance, could leave every corporate laptop unprotected, exposing the business to data theft if devices are lost or stolen.

These scenarios highlight how tenant-level settings and quick band-aid fixes, even when well-intentioned, can either weaken the security posture by introducing vulnerabilities, or create operational risks by over-restricting access and disrupting business processes.

To address this issue, organizations should implement continuous monitoring and automated controls around privileged group membership and administrative configuration changes. To reduce this risk, enterprises should:

  • Enforce policy guardrails to ensure critical security requirements cannot be disabled without approval.
  • Enable continuous visibility through deployment of monitoring and alerting tools that detect and report privileged group membership changes in real time.
  • Automate recovery through automated rollback or policy enforcement to rapidly restore secure defaults when unauthorized or risky changes occur.
  • Educate administrators through ongoing training to help IT staff understand the broader security implications of everyday admin actions.

Now is a good time to look at your environment and make sure that you don’t get pwned by an insider.
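As an added illustration of the two detections the perspective above calls for (privileged group membership changes reported as they happen, and MFA exclusions that were never re-enabled), here is a small Python check over constructed audit events. It is example code written for this post, not a Cayosoft product or any tenant's real log format; the event field names, the privileged group list and the four-hour grace window are assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample audit events (not from any real tenant or product);
# the field names are an assumption made for this example.
EVENTS = [
    {"ts": "2024-09-03T08:00:00", "actor": "admin1", "action": "mfa_disabled", "target": "alice", "group": None},
    {"ts": "2024-09-03T09:30:00", "actor": "admin1", "action": "mfa_enabled",  "target": "alice", "group": None},
    {"ts": "2024-09-03T10:00:00", "actor": "admin2", "action": "mfa_disabled", "target": "bob",   "group": None},
    {"ts": "2024-09-03T11:15:00", "actor": "admin2", "action": "add_member",   "target": "carol", "group": "Domain Admins"},
    {"ts": "2024-09-03T11:20:00", "actor": "admin2", "action": "add_member",   "target": "dave",  "group": "Marketing"},
]

# Assumed set of groups whose membership changes should always raise an alert.
PRIVILEGED_GROUPS = {"Domain Admins", "Enterprise Admins", "Global Administrator"}
# Assumed longest time an MFA exclusion may stay open before it counts as forgotten.
MFA_GRACE = timedelta(hours=4)


def parse_ts(s):
    return datetime.fromisoformat(s)


def privileged_membership_alerts(events):
    """Flag every add/remove on a privileged group, whoever performed it."""
    return [(e["ts"], e["actor"], e["target"], e["group"])
            for e in events
            if e["action"] in ("add_member", "remove_member")
            and e["group"] in PRIVILEGED_GROUPS]


def forgotten_mfa_exclusions(events, now):
    """Return (user, actor, open_for) for MFA exclusions still open past MFA_GRACE."""
    opened = {}  # user -> (time disabled, actor) for the latest still-open exclusion
    for e in sorted(events, key=lambda e: e["ts"]):
        if e["action"] == "mfa_disabled":
            opened[e["target"]] = (parse_ts(e["ts"]), e["actor"])
        elif e["action"] == "mfa_enabled":
            opened.pop(e["target"], None)  # exclusion was closed, nothing to report
    return [(user, actor, now - ts)
            for user, (ts, actor) in opened.items()
            if now - ts > MFA_GRACE]


if __name__ == "__main__":
    for alert in privileged_membership_alerts(EVENTS):
        print("privileged group change:", alert)
    for user, actor, age in forgotten_mfa_exclusions(EVENTS, datetime(2024, 9, 3, 16, 0)):
        print(f"MFA still disabled for {user} (by {actor}) for {age}")
```

In the sample data alice's exclusion was closed and is not reported, while bob's is six hours old and is; the membership change for carol on Domain Admins is reported and the one for dave on Marketing is not.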
