Insider Threat: Is Your Business Simply Secure From the Inside?

Photo by Tim Bennett
  • usually long-standing, formally loyal employees, to whom something happens along the way to alter their feelings towards their employer (such as perceived unfair performance reviews and rewards, or actions taken by the employer which the employee feels are unacceptable). This is where their previous loyalty can turn to betrayal.
  • Leavers: approximately 10% of company leavers take IP or client data with them because they feel they are entitled to take it and that there will be no consequences for doing so. This theft is often opportunistic in the absence of effective deterrents.
  • Malicious acts are usually committed approximately 3 weeks before an insider leaves the company.
  • Centre for the Protection of National Infrastructure (CPNI)
  • Insider Threat Unit at US CERT
  • Deloitte

Accountability

“Like a boss” print by Brooke Lark
  • What are our Top 5 threats?
  • What is the Return on Investment (RoI) on our insider risk defences, including, specifically, monitoring for insider risk?
  • What’s our company Insider Risk Strategy and what progress is being made?
  • What more can the Senior Leadership Team do?
  • What Potential Risk Indicators are we using and in what ways are they being used?

Culture

Strategy

  • CHOOSE — Appoint an SAO (single accountable owner)
  • POSITION — Align your senior team on what insider risk means for your company and how it is managed
  • GOVERNANCE — Put in place effective insider risk governance. Make your approach transparent, risk-based and proportionate, while protecting knowledge of gaps in your defenses.
  • STRATEGY — Create and apply your Insider Risk Strategy and ensure it meets your cultural, privacy and legal needs
  • TRAINING — Put in place effective insider risk training to ensure your functional leads and supervisors, respectively, understand how the senior leadership team expects them to manage the specific threats they encounter.
