Sensitive information leaks cost organizations billions in revenue and intellectual property, and potentially endanger the safety and security of operators in more clandestine environments. Additionally, organizations that work with government entities are now required to institute an insider threat program, yet many don’t know where to begin or with what division this responsibility lies. The top insider threat experts in the country convened in Monterey, CA, on March 19–20 to discuss these concerns and the impact they will have on companies and the government in the coming year and beyond. To bring a bit of the conference to you, I’ve made a few notes regarding those takeaways.
Here are my top five:
1. Data is integral to insider threat. The more data we have, and the more varied it is, the easier it is to spot non-normative behavior. External data can show predispositions and stressors that might put someone at a higher risk of deciding to do something nefarious. This data is everywhere, and harnessing it is becoming increasingly important.
2. Humans are the weakest links. Sometimes it is an intern with a thumb drive and a desire to use a hot spot who unwittingly opens the door. Sometimes it’s an unmanaged/unprotected smart refrigerator allowing a view into your house and your network. In a world where IoT is standard, do you know where your access points are? If not, the result can be a disaster. Understanding how your wired life connects becomes integral to protecting it.
3. Identity is key. Two things will become key components in mitigating insider threat and identity issues going forward: building a coherent, consistent identity that can be used across identity and access management initiatives to ensure that actors are who they say they are, and providing granular access to only the things these actors should have access to.
4. AI and cyber security standards will become integral in insider threat mitigation. Organizations are losing billions to IT sabotage, fraud, intellectual property theft, organizational security espionage, and employee negligence. A multilayered approach to cyber security defense that detects, identifies, and prevents threats, and that implements AI to cognitively dissect activity and alert on it, will become key to identifying insider threats in organizations.
5. Organizations will need to develop agility and resilience to keep pace with evolving threats. This is likely true across the board in all aspects of threat, from cyber to insider to terrorist. Given the aptitude of insider threats to research, learn, and develop skills and techniques to aid them in nefarious quests, the ability to adapt and learn from past failures will be incredibly important, not only in thwarting obvious threats but also in addressing human imperfection or ignorance of security protocols.
Those were a few key takeaways from this year’s conference. If you’re interested in discussing insider threat issues with me, please contact me — I’d love to hear your ideas and questions.