Well hey there!  I hope everybody had a great Thanksgiving, and a great shopping experience on Black Friday!  I haven’t done any shopping but plan to do so on Cyber Monday.  Anyways, as we make the last lap of 2020 pretty soon, and as I mentioned in previous postings, there are a lot of buzzwords that have been thrown out there.

Some of them have been easy to understand, and some, well, take a while to get a grasp of.

But, as we roll into 2021, the onslaught of new terms and jargon is only expected to proliferate even further.  One such word that has seen heavy usage is “Trust”.  Of course, trust can mean a lot of things to different people, but in the world of Cybersecurity, it comes down to one thing:  Has the person been properly authenticated before they are allowed to gain access to the shared resources that they want to use?

This is where the techno jargon of “Multifactor Authentication” and the “Zero Trust Framework” is often heard.  But the term trust also has implications for the psychological aspects of the Cyber world, especially when it comes to Social Engineering.

In this regard, if a Cyberattacker knows how to play this kind of threat variant well in their favor, this implicit layer of “trust” can be greatly compromised, especially when confidential information and data are given out.

Perhaps the best-known example of this is the Business Email Compromise (BEC) attack, in which an administrative assistant is often conned into wiring large sums of money to a phony, overseas bank account.

But trust also extends to the work environment, especially amongst the IT Security Teams.  In this regard, there is a huge level of it that is implied, because it is assumed that everybody here is working for the common good of the company.

But believe it or not, even this can be compromised.  You may be thinking that you are working with a team in which you can share your innermost secrets, and yet there could be a proverbial “bad apple” amongst the members.  So, what are some of the tell-tale signs that somebody you are working with could have malicious intent?  Here are some of the clues:

*Two-way conversations become a one-way street:

Usually, IT Security teams meet with one another on a routine basis in order to share any new information that they may have collected, or even to share intelligence data.  In these cases, one would expect an equal amount of conversation exchange amongst your peers.  But if there is somebody with malicious intent here, the conversation could very easily become a one-sided one.  In these instances, the person that is doing most of the talking will be asking most of the questions, and to some degree or another, will be demanding answers from you.  In other words, you may have the feeling that you have just been interrogated.  This is probably the first clue that you can pick up on.  But give this some time to evolve.  It could be the case that your coworker is very proactive in what they do, and has a huge sense of urgency, and that is why they are asking a lot of questions.  But keep this potential red flag in mind as you engage in further conversations.

*It’s my way or nothing:

Usually, all of the members of the IT Security team want to work together for the common good, despite how burned out or overworked they may be.  It’s just human nature to take this kind of approach.  But another sign of a “bad apple” rotting in your team is that they don’t contribute very much, and instead, he or she instantly demands that everybody else on the team take their particular approach.  In other words, they only want to take, and they don’t want to give back in terms of meaningful dialog and input.  These kinds of people are dominating in nature, and know how to manipulate or trick others into giving in.  Most people of good conscience will not retaliate in this regard, as they don’t want to cause a fight and possibly get fired.  If you are dealing with such a person on your team, rather than giving in, perhaps having a talk with your manager about what is going on would be warranted.

*Offering a fake sense of generosity:

If there is a member on your team with whom you have struck a good deal, be very careful.  For example, if you needed to take a day off for some sort of family emergency and have swapped out that timeframe with another employee to cover for your shift, it could come back to haunt you.  For example, right when you least expect it, that person could very well demand that the favor be returned to them, often with very late notice.  In a very crude way, this could even be viewed as a form of manipulation, because if you do not reciprocate this time around, the person with ill intentions could very well broadcast this to your other coworkers, only to make you look bad.  But keep this in mind:  With the Remote Workforce of today, pretty much everybody is flexible with time off and working in different time shifts.  If anybody gets this demanding, it could very well mean that they want to use this time to lay down their plans to launch an Insider Attack.  Another variant of this is known as the “Bait and Switch”.  With this, the “bad apple” on your team won’t demand anything, but rather, they will make false promises to give you something in return, when in reality, they have no intention of doing so.  If they are confronted with this, they very often will try to stay away from you and perhaps even become confrontational.

*Building up a team of cohorts:

Rather than taking the approach of “my way or the highway”, the “bad apple” will try to create their own gang of approvers whom they have manipulated into going along with their way.  That way, the next time that you are in a team meeting, rather than just having one person demanding a unilateral approach to something, he or she could have other coworkers that support this view, without really knowing what they have gotten themselves into.  In this regard, when you have 4 or 5 people demanding that action be taken one way, there is a lot of peer pressure on you to go this route.  This kind of situation is also known as “promoting a narrative” because the “bad apple” is spreading a sense of false hope in order to get the support of others in their efforts.

My Take On This:

These are some of the warning signs that you should be on the lookout for.  But keep in mind, since everybody is pretty much WFH these days, it makes it even that much more difficult to ascertain these kinds of behaviors because all conversations take place either via video conferencing, phone calls, text, chat, or Emails. 

In other words, there is no direct, physical observation of the people you are dealing with in order to quickly pick up on other bodily cues as well.

But also remember:  just don’t jump the gun the first time that you work with somebody who is exhibiting some of these characteristics.  In today’s times, everybody is under a high amount of stress and anxiety.  But, if you see a repeated pattern of these characteristics being exhibited, then it is time to have a talk with your manager about it.