The initial question is: Do you have an insider threat program? Among the roundtable participants, it was split evenly between those that have a program, those that are just starting one, and those that are looking to create one—but they agreed it was a necessary aspect of a team. What do these programs actually aim to protect, however? The major point that these efforts can protect would be the endpoints, where users are most volatile and data is most vulnerable. To create the programs that can protect these points and educate users against becoming these threats, the group agreed that you must have a program in place that is sponsored by your executive leadership to receive the most support across the company. The executive board, legal, HR, InfoSec, data privacy, law enforcement, and so on—all aspects of your organization should be in support of and constantly enforcing your program to maintain control over and minimize insider threats.
We want to reach a point where machine learning and AI can handle insider threats, but we haven’t quite reached the point where we can be comfortable that they’ll handle the job without issue. However, in the meantime, your technology staff is there and is more than capable of planning, creating, and initiating an insider threat program. Once your team generates a program that is supported by your higher-ups, you are already on your way to better insider threat protection. The next step is training the entire organization. Beyond just supporting it, every team of your company should be trained to understand insider threats and how to avoid creating them or becoming one. The best protection against insider threats is internal education.