Insider threats are a very current and thriving topic in information security—for good reason. During this roundtable, participants in the discussion agreed that they do not want their companies to be seen as “jerk companies.” They do not want to intimidate people into compliance to avoid insider threat risk. After establishing that premise, the table asked: why do we call it “insider threat,” which sounds scary and malicious, rather than “insider risk”? We should, the table agreed, find alternative messaging that doesn’t inherently accuse the colleagues around us of threatening the business, so that we can approach the problem from a team-based perspective.
Defining “insider threat” is also tricky. Is it compromised accounts, is it accidental misuse, is it any red flag occurring within your network? Or is it a very specific issue of malicious activity against your organization? Furthermore—when does insider threat risk end? Does it end immediately when someone is terminated from the company, or is there a buffer of time after they’re gone during which they still must be monitored by your team? The participants spent a long time deliberating over these questions—though the answers proved far more situational than universal.
Lastly, the table noticed that they did not spend as much time as expected discussing technology that addresses insider threats. Do we need new technology to address this issue—or do we already have it? Moderator Shane Callahan noted that it is strange, coming from a technology-based career, to say we may not need new tech to handle the issue. However, Callahan noted that perhaps we already have the tools we need in our grasp and in our systems; those tools simply need to be repurposed to address the problem in a different way.