Is it time to talk about Quittin’ Quentin, Disgruntled Dave, Sandra the Spy and Careless Caroline?

Posting date:02 Dec 2019

We recently attended The Future of Cyber Security Europe 2019 and was amazed at the emphasis of the Insider Threat with speakers like Richard Parlour, Mark Howell and Daniel Selman all identifying it as a key issue and with the non-malicious Insider Threat accounting for 50% of all data breaches in business, it's not hard to see why.

I am a huge advocate for educating a non-Cyber Security audience about the dangers of an uneducated workforce and recently contributed to our Evolution of Cyber white paper where we emphasised the need for HR and Cyber Security teams to work together to reverse this. I wanted to share with you something I heard at the Expo which brought this common dilemma to life.

A talk by Fortinet and Nouveau really stood out for me as a fantastic way of not just identifying the issue but breaking it down for a non-technical audience.

Jonny Tennyson, Security Fabric Specialist at Fortinet spoke about Quittin’ Quentin, Disgruntled Dave, Sandra the Spy and Careless Caroline as a way of personalising the real issues we face when dealing with an Insider Threat. While getting quite a few laughs from the audience, I couldn’t help but wonder if this was the perfect way to educate HR departments outside of the sector.

Quittin’ Quentin is a person who feels as though he can’t progress in his company and decides it’s time to move on. When leaving, he wonders what the best way to deliver value to his new company would be and looks over his options – he could take his experience, research and perspective or, he could take clients, contacts or even IP addresses from his current company to a detrimental effect. It is really important that anyone who is leaving a business; who has access to customer data, is monitored to ensure a malicious breach doesn’t occur. Using an example of a person in this instance, makes it a plausible reality for non-Cyber professionals and the same can be said with Disgruntled Dave who has been offered the world. 

Brought in on a series of false promises, he now has access to the IP address alongside anything he would need to cause an issue with, including the source code. Unlike Quentin, he isn’t known to be disgruntled just yet which makes him even more dangerous. And even more dangerous is Sandra the Spy. A senior individual who is likely to be poached by another organisation with an offer she can’t refuse. Also disgruntled, she can become entrenched in corporate espionage and leak information from one company to another.

While these characters form the 50% Insider Threat that is malicious. Careless Caroline is the employee that HR departments need to be really aware of. Meaning no harm but with a great responsibility, has access to a lot of information across the business. She’s ignorant, under pressure, poorly trained and becomes the victim of phishing or social engineering. While Caroline is trying her best to get the job done, she isn’t aware of the detrimental affect her curious mind could cause by clicking on a peculiar link – why would she, she has never been told not to.

Insider threat is on the rise and 63% of companies declare they are concerned about this with 57% claiming they are concerned about inadvertent data breaches. 53% worry about malicious breaches.

With more organisations fearing accidental breaches, a workforce made of disgruntled and poorly trained employees should be our first step-change and HR have a huge role to play in this. I would love to hear your thoughts on Quentin, Dave, Sandra and Caroline and more importantly, what you think needs to be done to reduce the Insider Threat.