When most people think about the term insider threat, their tendency is to focus on how an employee or contractor may attack from within the IT environment or business boundary. There is also the assumption that the insider is acting intentionally. While this traditional notion of an insider threat risk is certainly still accurate, what about harm that comes from complacent or unintentional acts?
An organization’s collective insider threat risk must also account for complacent or unintentional acts that negatively impact the environment. A seemingly innocent internal user may take an action they feel is necessary, and in doing so negatively impact the confidentiality, integrity or availability of the organization, its data, personnel, or facilities. In short, human error from authorized parties represents a significant unintentional insider threat to your organization.
There are many examples of how this type of unintentional insider threat can impact availability. One of the larger ones on record happened at AWS in February 2017. In this case, an authorized team member used an established process to execute a command that was intended to remove only a small number of servers from a pool of S3 subsystem servers in the US-EAST-1 region. The team member made a mistake and entered a much larger number into the command, removing too many servers from the pool of resources. The result was significant and immediate. With a crucial AWS service accidentally crippled in what could easily be deemed AWS’ most significant region and availability zone, the online presences of hundreds of high-profile AWS customers went dark.
I’m sure the employee didn’t mean to create such a news story, nor did they intend to force a root cause analysis summary that’s still available today. AWS’ response was correct. They modified the tool to reduce the likelihood of human error, along with other modifications. The crux is that even companies with well-established processes and capable employees can still fall victim to simple mistakes. Effective training, thorough processes, and complete procedures can certainly help, and adding routine external validation of your training, processes, and procedures will reduce the likelihood that your organization will suffer a similar event.