05/10/2023
CTI
Insider Threat
Executive Summary
Whether it’s breaking into a bank, obtaining strategic information about an opposing military camp, getting a head start in politics, making a fortune off other people or simply snooping on your spouse… spies and snitches have been around since the dawn of time. Sometimes they work for a good cause, sometimes not – it’s simply a question of point of view. In all cases, the modus operandi remains the same: they exploit man’s weak points: greed, love, spirituality, politics, family, friends… Once they’ve won the trust of one or more people, it’s already too late.
The employee has already opened the back door of the bank, and in exchange for a few pennies, the criminals come in and take all the money. You can call the police, but they’ll soon be gone, the money and confidential documents with them. Is it the same for your data?
Anyone can fall on the side of the bad guys, and always has been able to. Espionage and information strategy are not the preserve of James Bond or well-organised government entities. Each level of crime has its own means. This threat can no longer be considered solely by defence teams in general, whether they are cyber specialists, infantry, bodyguards, surveillance officers, etc. Spies and informers are targeting more and more people, and the threat is raging in an ecosystem that is barely half a century old and constantly changing.
In fact, in the cyber sector the insider threat causes a great deal of damage to companies, governments, associations, etc. and makes the task of the IT department, operational SOCs and CERTs much more complex. We believe that technological developments in terms of weak signal studies, behavioural analysis, AI, etc. make detection possible and credible, just like the legal system, which has already had to deal with numerous cases.
The CTI CWATCH Almond team invites you to delve into the key characteristics of this protean threat and identify possible defensive measures.