Forget the outside hacker, the bigger threat is inside by the coffee machine

In this week's Kettle the topic is one that's been much in the news this week - the much-underrated insider threat issue. There are thousands of security shops willing to sell elaborate firewalls, zero-trust barriers, and AI security systems that claim to be able to spot a wrong'un easily. But time and again the most effective …

  1. Yet Another Anonymous coward Silver badge

    Perfect security

    None of our employees have the faintest idea what we do, why we do it, who the customer is or how it works -

    1. Bebu

      Re: Perfect security

      《None of our employees have the faintest idea what we do, why we do it, who the customer is or how it works -》

      I think I have worked there. Unfortunately. :(

      Actually when I think of it - what does BOFH's employer do in the way of business?

    2. Fruit and Nutcase Silver badge

      Re: Perfect security

      By employees, do you by any chance mean the government?

    3. Anonymous Coward

      Re: Perfect security

      Isn't that normally management?

      :)

    4. Roland6 Silver badge

      Re: Perfect security

      I assume your definition of “employees” includes the executives et al…

    5. Radek

      Re: Perfect security

      After many years of inactivity here I just logged in only to upvote this comment - time well spent! :)

  2. stiine Silver badge

    I thought for sure you were going to talk about remote microphones glued to the back of the coffee machine or about the outsourced cleaning crew.

    1. Bebu

      Seriously though...

      《I thought for sure you were going to talk about remote microphones glued to the back of the coffee machine or about the outsourced cleaning crew.》

      Drink and snack dispensing machines have "phoned home" for more than a decade. (Many have small aerials poking above the back of the machine.) I can imagine similarly serviced coffee (espresso) machines or even water coolers might already do the same. How difficult (as in *not*) to instrument these machines, hidden in plain sight, to capture audio, video and wifi/bluetooth?

      1. PRR Silver badge

        Re: Seriously though...

        > ..How difficult (as in *not*) to instrument these machines,

        Or how difficult for El Reg to post these small videos on/through a speech-to-text captioning tool? I don't do PC audio anymore. Ears are shot, and when the dogs hear strange voices in the house they go ballistic. Plain YouTube does quite well, with occasional giggle-fits, and now more ads. Is this proprietary video app better in some way??

  3. Antron Argaiv Silver badge

    Anti-American sentiments

    My goodness, the storage banks must be overflowing with juicy tidbits after the past month of Republican idiocy.

    Or do we just record instances of "this country's going to sh*t"?

    Guess I'll find out next time I try to get back in after a trip.

  4. Mike 137 Silver badge

    Realities

    “If you think technology can fix security, you don't understand technology and you don't understand security” Bruce Schneier

    And he was right. The vast majority of security incidents are fundamentally down to sloppy management. The technical aspects are in general secondary -- only possible due to lack of adequate management, whether it be failure to patch, lack of scrutiny, absence of due process, inadequate risk assessment or a plethora of other management failings. And it's not just the front line folks at fault -- it's commonly a problem of corporate culture.

    1. Roland6 Silver badge

      Re: Realities

      Well the evidence (over several decades) does suggest there is a supplementary caveat:

      If you think the law can fix security, you don't understand the law and you don't understand security.

      Where law means both courts (i.e. prosecution of hackers) and legislation.

  5. Anonymous Coward

    HR to blame?

    Posting anon, for reasons...

    My employer makes us do compulsory cyber-security training so that we can spot external threats, but we seem to be happy to hire Chinese or Russian nationals. I've no idea if HR do any kind of background checks or, if they do, whether these would actually achieve anything.

    1. Anonymous Coward

      Re: HR to blame?

      Too many decades back worked in a security-cleared environment. Many were from Eastern European (then Soviet bloc) countries; they accepted that depending on the wind their security clearance could be overturned. Over the few years I was engaged, the same faces appeared and disappeared, only to reappear a few months later….

    2. Anonymous Coward

      Re: HR to blame?

      We had someone last year interview for a role and fail to get it. Only for the same idiot manager and HR to invite the same person back for an interview for the same role a week later.

    3. Alan Brown Silver badge

      Re: HR to blame?

      Working in academia with PhD candidates, it was pretty obvious who the PLA plants were, but they only seemed to be there to intimidate Chinese nationals into toeing the line (as well as antagonising Taiwanese or SE Asian citizens of Chinese descent).

  6. The Oncoming Scorn Silver badge

    Huh!

    We have an imaging process that asks questions prior to starting to choose the right build & despite the fact the region is Canada & all the Canadian domains, locations etc. are checked it asks the question:

    Is the user a US Citizen?

    1. Anonymous Coward

      Re: Huh!

      or a pro-French, anti-Freedom, Socialist?

    2. Alan Brown Silver badge

      Re: Huh!

      Many banks don't want US Citizens as customers due to the extra paperwork involved; I can see some employers having a similar position.

  7. Grogan Silver badge

    Scouring social media looking for anti-American sentiment? It might be easier to scan for posts that don't have any.
