Top 10 considerations for building an insider threat mitigation program
Organizations continue to face a variety of insider threats, as demonstrated by a string of high-profile cases in which employees, in pursuit of validation or affirmation, have used their knowledge of and access to physical and/or information systems to cause significant damage. These cases highlight vulnerabilities and underscore a historical perception that insider threat mitigation is predominantly a cyber-security challenge and is categorized as strictly an information technology responsibility.
- Define your insider threats: Don’t be surprised if your organization hasn’t defined what an insider threat is.
- Define your risk appetite: Define the critical assets (e.g., facilities, source code, IP and R&D, customer information) that must be protected and the organization’s tolerance for loss or damage in those areas.
- Leverage a broad set of stakeholders: The program should have one owner but a broad set of invested stakeholders.
- Technology alone won’t solve the problem: The insider threat challenge is not a purely technical one, but rather a people-centric problem that requires a holistic and people-centric solution.
- Trust but verify: Establish routine and random auditing of privileged functions, a practice commonly used across a variety of industries to identify a broad spectrum of insider threats.
- Look for precursors: Case studies analyzed by Carnegie Mellon University’s Computer Emergency Response Team program have shown that insider threats are seldom impulsive acts.
- Connect the dots: By correlating precursors or potential risk indicators captured in virtual and non-virtual arenas, your organization can gain insights into micro and macro trends regarding the high-risk behaviors exhibited across the organization.
- Stay a step ahead: Insiders’ methods, tactics, and attempts to cover their tracks will constantly evolve, which means that the insider threat program and the precursors that it analyzes should continuously evolve as well.
- Set behavioral expectations: Define the behavioral expectations of your workforce through clear and consistently enforced policies.
- One size does not fit all: Customize training based on the physical and network access levels, privilege rights and job responsibilities.