Insider threats can be difficult to frame for a conversation because the term covers such a wide range of issues. For this discussion, the group focused on the people and technology involved in addressing insider threats. Regarding the “people” aspect, the table agreed that you should start by defining use cases so you can study users' actions, behavior, and more in order to identify insider threats faster in the future. The group noted that many of these threats are not necessarily malicious in intent but are just accidental or circumstantial. To protect the company from such instances, teams must pay attention to what assets each user has access to and how those assets can be utilized, which is where use cases can come in handy. Furthermore, admins in a company can play a large role in preventing insider threats. They hold the “golden key” of access to all data and assets. They're very powerful people who can designate proper access for each user, limiting that user's ability to discover (intentionally or not) sensitive company information.
Regarding solutions, before you dive into advanced analytics and new technology, there are many things that teams may already have in place that they can leverage. For example, many teams already use Data Loss Prevention (DLP) technology to protect areas of their infrastructure. That same DLP could be redirected and adapted to identify and prevent data getting into the hands of someone without permissions. Using what is already at your disposal, such as current technology and admins, can help you address this difficult issue more quickly and prevent it from occurring.