Finding The Hidden InfoSec Story

The Sheep Biter – Insider Threat in Fable

Aesop’s fable ‘The Sheep Biter’ deals with a Shepherd and his Dog.

The Shepherd, as the story goes, had great trust in his pet, and often left the safety of the flock in his care. Unfortunately once the Shepherd turned his back, the Dog would sometimes kill a sheep and devour it. Once the Dog’s crimes become apparent to the owner he decided to hang the creature ‘without mercy’. Once the rope is around the Dog’s neck, it pleads for its life, asking the Shepherd to hang the Wolf in his stead, as its crimes are much greater. The Shepherd acknowledges this, but responds that the Dog is the greater villain for all that, and nothing will save the animal from the fate its treachery deserves.

The given moral for the fable is ‘The most dangerous enemy is the one within’.

We can see analogies with this historic fable in the world of Information Security. The Dog can be seen quite clearly as an employee who has been given trust to deal with the business of the owner, the Shepherd. The fate of the Dog can be seen as somewhat harsh, but this is reflected by the disappointment due to the abuse of the trusted position his pet holds. In the modern threat landscape, we can never discount the possibility of an employee working to the detriment of the organisation. The sheep can represent data that is stolen or sold, fraudulent activity, and any number of actions that would damage the organisation.

In this fable, we are told the Dog is well fed and treated kindly, so does not fall into the category of ‘disgruntled employee’. The animal in the fable is clearly abusing its position for personal gain despite its kindly treatment. Unfortunately this can be reflected in our modern society just as often. The promise of personal gain can inevitably be too much of a temptation for some, and a position of trust can all too easily be abused and used to divert attention from misconduct simultaneously.

The Shepherd relying on a single animal to care for his livelihood learns a serious lesson in the fable. Without another to oversee the work of his employee, or changing its duties, the Dog sees the crime it commits as unlikely to be discovered or punished. The practice of separation of duty and job rotation is not followed in the story, as is often the case within many businesses and organisations. As the moral of the fable and reported breaches currently show, often it really is the case that ‘The most dangerous enemy is the one within’.

Author: Paul Farmer

Share This Post On