The fact is, we know a tremendous amount about the state of the threat environment, and the impact of both new threats and old vulnerabilities, literally on an hour-by-hour basis. And it is critical information, knowledge every security professional must have just to do their jobs. We need current information on the various species of malware in the wild, the exploits that are being leveraged, the patches that are available (and the ones that aren’t) and the social engineering and phishing strategies that make most successful attacks possible. This is the kind of knowledge that allows organizations to target their resources most effectively, to learn from the failures of others, to be prepared for new attacks as they are detected, and to build viable and effective strategies and policies to best protect their data, their customers and their employees.
Those of us of a certain age can remember very well when the first webcam went online. It was pointed at the coffee pot at a computer science lab within Cambridge University, and provided a simple method for employees to determine if the pot was empty before walking down the hall for a cup.
Systems and network administration is an endless balancing act. On the one hand, availability, stability and performance are paramount concerns; on the other, adding functionality and security are demands that are less well understood outside the IT organization.
Insider attacks aren’t new. The very first sysadmin probably didn’t go rogue, but it wasn’t very long after him that the first one did. The reason these are among the most problematic attacks is obvious: these are the most trusted users, who, in order to be able to do their jobs, have a level of access and permissions that is much higher than other employees, even higher than the executives who founded and run the organization.