A lot of noise exists across the cyber security industry today about insider threat risk, including how to define insider threats, how to evaluate the best solutions currently available, and how to balance employee privacy issues. No matter what your organization’s critical assets are or what industry you operate in, you can easily become distracted by all the chatter about the latest insider threat actor profile trend or the latest emerging technology that could be exploited by an insider and bring subsequent harm to your organization.
If you are looking for a starting point to approach insider threat risk management, or you would like to review how far your organization has come with its mitigation plans, the following three tactical recommendations can feed directly into your larger strategic plan for fortifying your organization’s defenses against the insider threat:
- Accept insider threat risk as an enterprise risk, not solely the responsibility of the IT department. Your organization’s insider threat risk vulnerability surfaces are not mutually exclusive, so taking a piecemeal approach to managing this risk is less than ideal. A strategic approach to insider threat risk management includes consideration of digital best practices, organizational policies, people, and physical security controls.
- Identify who in your organization is responsible for managing insider threat risk decisions and provide them the resources and support to do so. Depending upon the size of your organization, you may need to designate more than one insider threat risk management POC. You might consider establishing an insider threat task force made up of staff from across your organization, including security, HR, legal, and IT.
- Do not assume that your organization needs to create a position solely for managing insider threat risk, or that it needs to build a large-scale, formal insider threat risk management program, until you have done your homework. You do not have to decide today on the size or formality of your organization’s approach to insider threat risk management. Instead, you can take a due diligence approach: designate an insider threat risk management POC and task them, or an insider threat risk task force, with exploring the issue to determine what your organization actually needs. If you do not have the resources to make this determination in-house, consider engaging an external third party to provide recommendations for insider threat risk management next steps that are tailored specifically to your organization’s mission, critical assets, size, and other specific criteria.
These initial approach steps can help your team start addressing insider threat risk to best protect your organization’s most critical assets from harm.