The first thing we need to consider in a modern, data focused insider threat program is right there in the name.
insiders can be employees, contractors or third party vendors who have authorized access to internal data or computing systems.
A good security plan will already restrict access to data on a as needed basis.
For instance, those in engineering probably shouldn't have access to human resource data.
But it's not so much who the insiders are but what they're doing.
Not all insider threats or malicious. Most of it is accidental.
Technology has made it easy for employees to share files via personal email and the cloud legitimately.
One wrong click, though, and an organization could be on the hook for millions of dollars in lost revenue, fines for non compliance, AH, loss of intellectual property and damage to the brand.
Malicious insiders have all the classic motivations, ranging from financial gain to wanting to Harmon organization in a specific way.
Hackers are sometimes for gotten as an insider threat, but once they gain access to a system inside,
they qualify as an insider threat.
But more recently, workforce turnover has accounted for more than half of all insider threat incidents.
According to the U. S. Bureau of Labor Statistics. Job turnover in the U. S is at an all time high
and that turnover creates risk.
The simple act of changing jobs. Contempt employees to take company data.
Roughly 2/3 of employees admit to taking data when they leave.
Some are merely trying to make their next job easier. Others believe the files belong to them because, after all, it's their work.
More nefarious employees might use sensitive data as leverage when negotiating a new job offer.
And insider threat isn't limited to data Leaving your organization.
What about the data coming into your organization?
If a new employees successfully exfiltrate a data from their previous job? Ah competitors, for example, and brought that data into yours?
Yeah, pretty sure your legal team is very interested in avoiding the impending lawsuit,
whether their employees, contractors or 1/3 party vendors. It's not the people that are a threat. It's their actions, malicious or accidental.
Most insider threats are accidental for those that are not. In addition to the classic motivations, employees are changing jobs at a record pace and more often than not when they leave. They take data with, um,
of course, The insider isn't the only thing we need to consider.
Check out our other videos to learn more about the wise and what's before. We tackle the House of building a modern insider threat program.