SecurityWeek

Security in the Dark: Recognizing the Signs of Hidden Information

Security failures don’t always start with attackers; sometimes they start with missing truth.

As humans, we don’t always make the right decisions, of course. When we do, it’s generally because we are basing those decisions on accurate data. Simply put, sound decisions require deducing the correct conclusions from an accurate data set. Further, the more complete the data set we are analyzing, the better chance we have of arriving at the right decision.

Nowhere is this more pertinent than in the security field. When we look to properly assess, prioritize, and mitigate risk, we need the most accurate and complete data we can get. When we don’t have that, we end up doing a lot of guesswork, and that can have disastrous consequences for the organization’s security posture.

In some cases, the necessary data might not be available. But in other cases, it is purposely being withheld and hidden from teams (including the security team) that need it.  There are a variety of reasons why a person or group of people might withhold data, but that discussion is beyond the scope of this piece.  Instead, I’d like to take a look at some of the signs that a person or a group is hiding things. Knowing the signs that data is being withheld can help make security teams wise to it, which, in turn, will help them operate with eyes wide open to better manage the organization’s security posture.

  1. Dodging: When someone is not hiding anything and they are asked a straightforward question, they generally have no issue giving a straightforward answer.  If, instead, the response to a straightforward question is extremely partial, overly complex, confusing, off-topic, winding, or otherwise indirect, it is generally a sign that they are hiding something.
  2. Acting secretly: When someone is operating on the up and up, they generally operate openly and transparently.  If, on the other hand, a person begins acting secretly via backchannels and closed-door conversations, it is usually because there is something they are trying to hide.
  3. Cutting access to information: Another trick of withholders is to cut access to information (and to people who can share information).  If you find that people you were regularly in touch with and regularly shared information with suddenly disappear, become unresponsive, and/or tersely tell you they can’t help you, that is also a sign that they have been instructed to keep things from you.
  4. Deflection: Another tactic people use when hiding information is deflection. If you find that it is hard to keep the conversation (whether written or oral) focused, that it is going around in circles, and/or that it is bouncing around in all different directions, that is generally an indication that they are hiding information.
  5. Accusations: Have you ever made a statement of fact, made an obvious observation, drawn a logical conclusion, or asked a straightforward question only to be met with a heap of accusations in return?  This is another sign that someone has something to hide.  What is important to remember here is not to react, not to get emotionally invested, and not to feel a need to defend yourself against the accusation.  The accusation is meant solely to derail the discussion and get it off-topic.  It is also important to remember the concept of projection – these types of people most often accuse you of what they themselves are guilty of.
  6. Ad hominem attacks: We’ve all likely been involved in a situation where we think we’re talking about a specific topic, perhaps professional in nature, and then all of a sudden, our character and/or intentions are being attacked, often after many inaccurate assumptions have been made.  Again, it is important to remember the concept of projection.  People most often attack you for flaws that are not yours – rather, they are the flaws of the one launching the ad hominem attack.
  7. Rushing forward: Have you ever been working with someone on a project, and all of a sudden, they express a need to rush forward and begin bulldozing ahead?  Have you ever asked them why this is all of a sudden necessary, only to receive vague responses, a list of excuses, or no response at all?  This is generally a red flag and another sign that things are being hidden from you.
  8. Flipping the narrative: Perhaps the most deceitful and painful of the tactics of hiders is when they flip the narrative.  The person hiding the information has most likely been the one acting in a shady and duplicitous manner.  Yet, suddenly, they are the poor victim that everyone needs to have sympathy for, accommodate, and placate.  Indeed, this is perhaps the worst of all the tactics that those hiding information resort to.  Nonetheless, it is important to be aware of and on the lookout for it when it happens.

Unfortunately, not everyone we encounter in life (both professionally and personally) will be a good faith player. While there are various types of bad faith players, those who withhold and hide information are a particularly problematic breed. Limiting or otherwise restricting access to the vital data that security teams need to best operate is dangerous to the organization. At a minimum, it lowers the security posture by forcing the security team to make decisions based upon incomplete and/or inaccurate data. In the worst case, it could expose the organization to significant risk, which can have dire consequences.

Written By

Joshua Goldfarb (Twitter: @ananalytical) is currently Field CISO at F5. Previously, Josh served as VP, CTO - Emerging Technologies at FireEye and as Chief Security Officer for nPulse Technologies until its acquisition by FireEye. Prior to joining nPulse, Josh worked as an independent consultant, applying his analytical methodology to help enterprises build and enhance their network traffic analysis, security operations, and incident response capabilities to improve their information security postures. He has consulted and advised numerous clients in both the public and private sectors at strategic and tactical levels. Earlier in his career, Josh served as the Chief of Analysis for the United States Computer Emergency Readiness Team (US-CERT) where he built from the ground up and subsequently ran the network, endpoint, and malware analysis/forensics capabilities for US-CERT.
