How to Start an Insider Threat Program for Your Organization

This past spring, the Coca-Cola Company revealed a data breach affecting as many as 8,000 personnel resulting from a former employee who had a hard drive full of employee personal data. And, this summer, Tesla announced it had discovered a current employee that was working to sabotage code in the Tesla Manufacturing Operations System and ferreting sensitive data to third parties. These instances are, unfortunately, far from isolated. The Global State of Information Security 2018 report found that the top source of security incidents (30%) are current employees, and the next highest threat category is former employees (26%), beating out unknown hackers and competitors. The threat from inside is very real.

Building Up Security Inside-Out

As these statistics show, your company can easily become vulnerable as a result of a current or former employees actions. To address this unique security problem, businesses need to develop a company-wide insider threat program. This program should reach all areas of the company working to “establish a source of relevant information, set of protocols, and mechanisms to detect, prevent, and respond to insider threats. Included in the insider threat program should be: mission, detailed budget, governance structure, and a shared platform”. The program ensures oversight processes, incident response plans, infrastructure technology that enables prevention and detection of insider threats, and similar components are part of the company’s security approach.

Don’t Forget the Big Picture

An insider threat program will fail if it’s completely technology-focused. A successful insider threat program has to be well-rounded and consider not only cybersecurity from a technical perspective but also from a people and processes outlook. For example, are new employee vetting processes thorough enough? Is a culture of work/life balance and positivity and productivity embraced starting from business leaders and trickling down throughout the organization? Are there policies in place to ensure security access at all levels is monitored and logged? These considerations can make a big difference in protecting your company from creating disenfranchised current and former employees.

Does Your Company Past the Test?

To set the baseline for your current security posture and help determine a starting point for developing effective insider threat processes, consider third-party penetration testing services. This security exercise, in which a trusted third party applies real-world scenarios to penetrate your existing security perimeter, can reveal critical vulnerabilities and give you concrete data on how to take steps defending against both types of threats: internal and external.