Just read another good article that posed a question all us should be thinking about….. “How do you determine when someone becomes malicious?”  Statistics show most malicious employees didn’t join their company with the intent of stealing IP, customer data or sabotaging the network.

So, this lends credence to the question posed by Ajit Sancheti, CEO of Prempt, in the article.

Network monitoring and online behavioral analytics are the “Buzzwords” everyone is talking about and they are important tools to have in your Insider Threat Program Toolbox.  There are cases we and our CERT Partners have seen where malicious employee behavior was noticed by these tools, which proves they are important.

However, studies show the best defense to mitigate Insider Threats is a collective effort by all employee-facing departments to work together and share indicators.  Things that can be easily and quietly shared to sensitize leadership on who may be acting differently and possibly looking to remove sensitive data include:

  • HR List of pending employee departures provided to IT and Security.
  • Security list of “after-hours” facility accesses to HR and IT.
  • IT list of risky cloud/websites visited by employees to HR and Security, which can drive upcoming security training and newsletters. Educated employees on risks and many will avoid future visits to these sites.

Here’s a link to the article “Insider Threat: How to Spot Risky Behavior” on the bankinfosecurity.com website.