Mitigating Insider Threats
Thanks to the interconnected world we dwell in, cybercrime is gradually turning into a huge business. A new threat seems to loom every other day. However, organizations need to be conscious, not only of the external threat but also of the threat that could cause malice from the inside, via employees, former employees or contractors. Insider threat has the potential to cause damage on a magnanimous scale and pose a threat to the organization’s integrity and confidentiality. Preparing the personnel in advance for the threats is just as crucial as placing the technology to deal with it.
It is a common misconception that IT department is solely responsible for maintaining the overall security of the organization. However, instilling a basic sense of responsibility among the employees through awareness programs can go a long way in the mitigation process. Further, an organization must carefully analyze the access, be it physical or digital, an employee could gain. Running background checks on potential employees before granting access can reduce the risk involved. On the other hand, since most organizations outsource their cloud requirements, they must be prepared to mitigate any damages that the suppliers could cause. It is important even for the suppliers to abide by the organization’s policies. At the same time, the systems within the organizations need to be kept updated, should be protected with strong passwords and regularly backup your data so that the insiders have lesser attack touch points to exploit.
While employees could be the backbone of an organization, they are just as capable of breaking it. A Gartner report suggests that in excess of 70 percent of unauthorized access to organization’s data is committed by the employees themselves. By applying a holistic approach and integrating strong layers of protection around the systems, enterprises can protect themselves from the core while they tackle the external threats.
By Tom Farrah, CIO & SVP, Dr Pepper Snapple Group
By George Evans, CIO, Singing River Health System
By John Kamin, EVP and CIO, Old National Bancorp
By Phil Jordan, CIO, Telefonica
By Elliot Garbus, VP-IoT Solutions Group & GM-Automotive...
By Dennis Hodges, CIO, Inteva Products
By Bill Krivoshik, SVP & CIO, Time Warner Inc.
By Gregory Morrison, SVP & CIO, Cox Enterprises
By Alberto Ruocco, CIO, American Electric Power
By Sam Lamonica, CIO & VP Information Systems, Rosendin...
By Sven Gerjets, SVP-IT, DIRECTV
By Marie Blake, EVP & CCO, BankUnited
By Lowell Gilvin, Chief Process Officer, Jabil
By Walter Carvalho, VP & Corporate CIO, Carnival Corporation
By Mary Alice Annecharico, SVP & CIO, Henry Ford Health System
By Bernd Schlotter, President of Services, Unify
By Bob Fecteau, CIO, SAIC
By Jason Alan Snyder, CTO, Momentum Worldwide
By Jim Whitehurst, CEO, Red Hat
By Marc Jones, Distinguished Engineer, IBM Cloud Infrastructure