Security Magazine: National Insider Threat Awareness Month 2022
On September 8, NetSPI Managing Director Nabil Hannan was featured in Security Magazine’s article on National Insider Threat Awareness Month 2022. Read the preview below or view it online.
+++
September is National Insider Threat Awareness Month, which emphasizes the importance of safeguarding enterprise security, national security and more by detecting, deterring and mitigating insider risk.
The risks of espionage, violence, unauthorized disclosure and unknowing insider threat actions are higher than ever; therefore, maintaining effective insider threat programs is critical to reducing any security risks and increasing operational resilience.
National Insider Threat Awareness Month is an opportunity for enterprise security, national security and all security leaders to reflect on the risks posed by insider threats and ensure that an insider threat prevention program is in place and updated continuously to reflect the evolving threat landscape.
Below, in honor of National Insider Threat Awareness Month, security leaders offer advice on how to reduce insider threat risks effectively.
Nabil Hannan, Managing Director, NetSPI:
To account for internal threats, there must be a mindset shift in what constitutes an organization’s threat landscape. Most companies focus exclusively on external threats and view their own people as trustworthy. As a result, insider threats are often under-addressed cybersecurity threats within organizations. We learned with SolarWinds that detecting such a threat is vastly different from traditional pen testing, code review or other vulnerability detection techniques.
Security teams need to move from only looking for vulnerabilities to also looking for suspicious or malicious code. With a vulnerability, the threat actor interacts with the attack surface in a way that exploits a weakness. With malicious code, the threat actor is either choosing or creating the attack surface and functionality because they have control over the system internally.
So, instead of the threat actor exploiting vulnerabilities in the attack surface, now the threat actor creates the attack surface and exercises the functionality that they implement. Failing to implement threat modeling that studies potential threats to both vulnerabilities and malicious code can set your organization up with a false sense of security.
You can read the full article at Security Magazine!