Trust Isn’t a Shield: The Illusion of Security Without Controls



How many times have you trusted someone at work, only to find out that trust was the very thing that let them slip through your security net?


Trust is often celebrated as the foundation of strong relationships and effective teams. But when it comes to security, trust is not a shield. It doesn’t protect, it doesn’t monitor, and it certainly doesn’t control.


The illusion that trust alone can safeguard an organisation is one of the most dangerous misconceptions in insider threat management.


Think about it… How many times have we heard, “I trust them, they’d never do that”? Yet, history is littered with examples of trusted individuals who exploited that very trust.


Edward Snowden, for instance, was trusted with access to sensitive NSA data. That trust didn’t stop him from leaking classified information. Similarly, in 2020, a trusted employee at JPMorgan Chase in London concealed risky trades, resulting in a $2.3 billion loss, demonstrating that trust without verification and controls is nothing more than a blindfold.


Organisations must understand that trust is not a control. It doesn’t create boundaries, enforce accountability, or detect anomalies.


Take another example regarding security vetting... Just because someone has undergone the process of being security cleared or vetted does not mean they should be trusted wholeheartedly. It doesn’t mean that they are loyal.


Trust is a starting point, not a safeguard.


To truly protect the crown jewels, we need to continually judge trust.


Judging trust continually means moving beyond the outdated idea of granting trust once and assuming it lasts forever.


It requires organisations to actively monitor behavioural changes, conduct regular audits of access and activity, and foster open channels for peer and manager feedback.


This ongoing assessment helps identify subtle shifts, such as declining performance, unusual data access, or changes in attitude, that could signal emerging insider risk.


It’s about building a dynamic, real-time picture of trustworthiness rather than relying on static assumptions. Without this, organisations risk flying blind, assuming loyalty that may have eroded or been compromised.


This isn’t complicated... We vet employees before hiring and then continuously reassess their trust throughout their tenure.


Next, we right-size permissions so people can do their jobs, but no more.


Finally, we must conduct effective monitoring. As retired U.S. Navy Admiral Hyman G. Rickover said, “You don’t get what you expect, only what you inspect.”


Your Challenge: Ask Yourself… Is Trust Assessment embedded into your organisation’s culture? Are you actively verifying trust, right-sizing permissions, and monitoring effectively? If not, you’re leaving your crown jewels exposed. Step up, lead with vigilance, and make trust a dynamic, living process, not a one-time checkbox. Your organisation’s resilience depends on it.
