Mitigating Insider Threats
Thanks to the interconnected world we dwell in, cybercrime is gradually turning into a huge business. A new threat seems to loom every other day. However, organizations need to be conscious, not only of the external threat but also of the threat that could cause malice from the inside, via employees, former employees or contractors. Insider threat has the potential to cause damage on a magnanimous scale and pose a threat to the organization’s integrity and confidentiality. Preparing the personnel in advance for the threats is just as crucial as placing the technology to deal with it.
It is a common misconception that IT department is solely responsible for maintaining the overall security of the organization. However, instilling a basic sense of responsibility among the employees through awareness programs can go a long way in the mitigation process. Further, an organization must carefully analyze the access, be it physical or digital, an employee could gain. Running background checks on potential employees before granting access can reduce the risk involved. On the other hand, since most organizations outsource their cloud requirements, they must be prepared to mitigate any damages that the suppliers could cause. It is important even for the suppliers to abide by the organization’s policies. At the same time, the systems within the organizations need to be kept updated, should be protected with strong passwords and regularly backup your data so that the insiders have lesser attack touch points to exploit.
While employees could be the backbone of an organization, they are just as capable of breaking it. A Gartner report suggests that in excess of 70 percent of unauthorized access to organization’s data is committed by the employees themselves. By applying a holistic approach and integrating strong layers of protection around the systems, enterprises can protect themselves from the core while they tackle the external threats.
By Nancy S. Wolk, CIO, Alcoa - Global Business Services
By John Kamin, EVP and CIO, Old National Bancorp
By Gregg T. Martin, VP & CIO, Arnot Health
By Elliot Garbus, VP-IoT Solutions Group & GM-Automotive...
By Bryson Koehler, EVP & CIO, The Weather Company, an IBM...
By Gregory Morrison, SVP & CIO, Cox Enterprises
By Adrian Mebane, VP-Global Ethics & Compliance, The Hershey...
By Lowell Gilvin, Chief Process Officer, Jabil
By Dennis Hodges, CIO, Inteva Products
By Gerri Martin-Flickinger, CIO, Adobe Systems
By Walter Carvalho, VP& Corporate CIO, Carnival Corporation
By Mary Alice Annecharico, SVP & CIO, Henry Ford Health System
By Bernd Schlotter, President of Services, Unify
By Bob Fecteau, CIO, SAIC
By Kushagra Vaid, GM, Server Engineering, Microsoft
By Steve Beason, Enterprise CTO, Scientific Games
By Steve Bein, VP-GIS, Michael Baker International
By Jason Alan Snyder, CTO, Momentum Worldwide
By Jim Whitehurst, CEO, Red Hat
By Alberto Ruocco, CIO, American Electric Power