This group focused first on defining “insider threat” and the parameters with which you label such a threat. They agreed that insider threats are, first and foremost, those that appear within your employees; but are also found in contracted employees who enter into your workspace. Furthermore, these threats can come from former employees—those who have moved on to competitive spaces or another workspace who have retained their former credentials in your system. These individuals can still access and abuse your system if their permissions are not properly terminated. This last category stood out to the group, because even though it is a significantly crucial threat, many teams do not pay proper attention to such an issue due to the difficulty it presents, particularly if turnover is frequent. Other threats can come from system malfunctions—broken business processes or outdated systems. This kind of threat isn’t necessarily intentional, but it is a significant risk nonetheless when exploited by a potential attacker. The group noted that this threat should not be a constant issue for security teams and software. These system issues should be addressed and remedied as soon as they are found so overall focus can be shifted back to more problematic threats rather than consistent system problems. One significantly useful remedy to the consistent insider threat issue is labeling what information is particularly sensitive to begin with and securing that data from either intentional or unintentional abuse by employees. Last, the group reviewed technology to use in combating insider threats—Data Loss Prevention systems, behavioral analytics, for example, are popular but nonetheless very important tools in working against insider threats. Overall, insider threats can come from many different angles within or surrounding an organization, but defining parameters, making the system more efficient, and utilizing proper technology are all crucial steps in securing against these threats.