The discussion in this group revealed that, perhaps not surprisingly, insider threats are something that security teams across all sectors are dealing with. However, teams are at varying levels of maturity in their programs to address or combat these threats. Insider threats can be a difficult challenge to address, because so much depends on how the insider chooses to use the information. Many members of the discussion had a plethora of insider threat examples to provide, indicating the complexity of the issue. One member provided a case study wherein an employee of a healthcare organization gained access to sensitive information due to the privileges their role provided them. However, rather than send that information electronically, where it would have been more easily detected, the insider wrote it down manually with pencil and paper—not something that any computer system can track. Surprises like this are what make developing comprehensive insider threat programs tricky.
The group then turned to what tools or programs they can put into place to best address insider threats, and all agreed that a detailed identity and access management infrastructure is absolutely necessary. Employees’ privileges should match their role; when an employee leaves or changes departments, their privileges should be revoked or reviewed accordingly; and so on, in order to maintain control over what insiders can access. Assessing these privileges should never be just a “check box” for management—it must be a deliberate process that they should be held accountable for.