The 8th Annual Insider Threat Summit (ITS) wrapped up last week in Monterey, California, and once again it was an exciting event with opportunities to hear differing perspectives on insider risk and to network with the community’s top leaders.
Founded almost a decade ago, ITS was one of the first insider threat focused events in the US. It brings together a unique group from across the public and private sectors to share their experiences and insights, including their top insider threat priorities and how they are solving them.
With over 250 attendees and a full two-day agenda, there was lots to do. Increasing awareness of insider threats, including from headline-grabbing data leaks, has continued to grow this event and ultimately the insider risk community to better understand and defend against threats. It was great to hear the continual focus on behavior and the human domain, unlike so many security events today.
While lack of resources and need for training are still very much part of the discussion, three larger themes continued to find their way into most sessions and conversations.
Hacking is expensive. It is far easier to pay someone on the inside.
This is a well-understood idea, but it’s worth repeating. While the methods and motives for insider threats may differ, collusion between insiders and outsiders happens with far too much frequency. It is difficult to identify and stop and can cause greater damage. Headlines certainly confirm it, and often highlight the complexities in understanding who is a target. Insiders are targeted for all kinds of reasons, including because they hold company patents. DTEX President and Co-founder Mohan Koo had an insightful panel discussion with Melissa Cardiello from Verizon that included interesting ways to think about this, especially when tools like Signal and Telegram are difficult to monitor.
A common recommendation is to strengthen vetting for individuals and entities. This is clearly important and should be reconsidered (including of course social media activity and organizational affiliations), but alongside appropriate vetting is the need to capture organization-wide user activity, both on and off the network, and to understand behavior trends and situational context to form a holistic understanding of insider risk.
Strategize about risk and vulnerability before threats.
Risk is unavoidable. And threats are only one aspect. Thanks to Bill Stephens from ARLIS for talking about this in depth. Of course, if the focus remains on threats, the likelihood of a data incident significantly increases, and effective prevention strategies take a back seat. By taking a more strategic approach to risk and considering vulnerabilities as more than technical, it is possible to avoid a breach all together and completely change the game.
This includes not only an organization’s values but the rules and systems that influence employee behavior. Throughout the event, experts gave recommendations to work for continuous culture improvement and invest in the workforce. Invest in training. One keynote speaker, Dr. Eric Lang, Ph.D., describes things in terms of bidirectional loyalty. He has a good article here.
A strong culture can drive innovation, productivity, and lead to increased revenue. It also promotes a safer environment.
Collaboration is critical for success – across teams, companies, and industries.
Event speakers and attendees alike agreed that in most organizations, there are too many silos. This makes collaboration on important aspects of company safety challenging. We’ve written about it, too. But multiple sessions made clear that to make insider risk management programs successful, it is important to drive the mission together, across siloed teams. Toward the end of the event, one speaker closed with, “A multidisciplinary threat management team is perhaps the single most important feature of an effective mitigation program.” That resonated with the whole room.
Bring a range of stakeholders to the table. Bring IT and HR together. HR has a wealth of insight to contribute. Network with companies in the same industry and across industries. Share experiences on building an effective program, how to ask for budget, but also share threat indicators.
It was reassuring to see so much collaboration last week and it will be exciting to see that continue.
DTEX InTERCEPTTM is a purpose-built insider risk management platform that consolidates the essential capabilities of user and entity behavior analytics (UEBA), user activity monitoring (UAM) and data loss prevention (DLP) in a single, light-weight platform to provide early detection and mitigation of insider risks. InTERCEPT captures behavior trends with situational context from across an estate to form a holistic understanding of insider risk. It is deployed in many of the world’s most complex and highly regulated environments including government, critical infrastructure, energy, pharmaceuticals, banking, and finance.
Request a demo to learn more about how InTERCEPT enables proactive insider risk management.