The Importance of Insider Threat Mitigation Training

on June 13, 2019 |

Intellectual Property & Trade Secrets – Gone In 60 Seconds

What your company spent years to develop can be lost in an instant at the hands of “Just 1 Malicious Employee“, with the click of a mouse. The continued incidents of employee theft, intellectual property and other malicious actions, paint a dark picture of what employees do when they are disgruntled, moving on to a new job, are under financial pressure, or trying to live a life style beyond their means, and may find a strong incentives to steal from their employers.

Detecting and mitigating against Insider Threats is one of the most difficult challenges for companies, organizations, and governments. In fact, behind phishing, it is most often ranked as one of the top cyber security challenges by CISO’s and CIO’s.

External Hackers are not the only threat your business or organization may be facing. One of your biggest risks comes from your own employees. A recently published Harvey Nash / KPMG survey of nearly 4,500 CIOs and tech leaders globally, finds that the Insider Threat problem is the fastest-growing one of all.

Every year, the comprehensive Verizon Data Breach Investigations Report (DBIR) provides the industry with a deep dive into the latest trends in cyber security incidents. The 2019 report found that Insider Threat incidents have been on the rise for the last four years. This year’s report also shows that 34% of all breaches happened as a result of Insider Threat actors.

More than any other industry, healthcare’s breaches are overwhelmingly caused by insiders, with nearly 60% tied to Inside actors. Healthcare is the only industry where insider-caused breaches outnumber external attack vectors

Numerous other reports and incidents related to Insider Threats provide clear evidence that malicious employee actions can be very costly and damaging to organization. Posted on the National Insider Threat Special Interest Group and the Insider Threat Defense Group websites are some eye opening reports and incidents related to the Insider Threat problem.

Insider Threat Has Many Definitions

The Insider Threat problem is not just about stealing an organizations data. The threats employee may pose to an organization can be vast. The importance of defining what constitutes an Insider Threat in your organization is critical. The definition of Insider Threats is board, and goes far beyond what compliance regulations define as Insider Threats.

Mimicking The Mind of a Malicious Insider

Insider Threat Mitigation also requires mimicking the mind of a malicious Insider to assume their point of view. Reviewing past incidents and case studies provide in-valuable insights into how malicious Insiders have achieved their objectives. This will help organizations enhance their security defenses, before a Real Malicious Insider exploits an organizations security vulnerabilities, to achieve the objectives.

Protecting Your Organization Assets

The Insider Threat problem is not going away. It costs nothing to do nothing to mitigate Insider Threat risks. But it will cost your organization in the long run. Words like qualitative, quantitative, metrics, risk scores, compliance, compliance requirements, security strategy, forecasting, analytics, benchmarks, etc. mean nothing to a determined Malicious Insider. These words also mean nothing when a security professional is briefing the CEO on how the Insider Threat incident happened, and why the organizations “Cyber Security Insurance” won’t cover the organizations losses.

Insider Threat Mitigation Training

The ITDG offers a variety of Insider Threat Mitigation Training Courses. Our most popular is the “Insider Threat Program Development – Management Training Course”.

Join us, Tuesday, June 25, 2019 at 8:00 AM – Wednesday, June 26, 2019 at 5:00 PM (EDT), Washington, DC.  With support from Cyber Defense Magazine, you’ll receive $100 off by following this link and signing up today:

https://www.eventbrite.com/e/insider-threat-program-development-management-training-june-25-26-washington-dc-cyber-defense-tickets-63301416240

Show Buttons
Hide Buttons