Page 44 - Cyber Defense eMagazine for July 2020

Is Proactive Insider Risk Mitigation Possible?


Why Companies Need More Than Technical Indicators to Identify Their Biggest Threats Before They Do Harm

By David A. Sanders, Director of Insider Threat Operations, Haystax


Most corporate insider threat programs are structured and equipped to mitigate adverse events
perpetrated by trusted insiders only after they have occurred. But proactive insider risk management is
possible – and it starts with a robust approach to detection.

Consider this scenario, based on a real-life case, in which a concerning insider threat event turns out to
be more complicated than expected:

    John commented to other employees that it would be easy to take down the new cloud services
    his company recently migrated to from their on-premises systems. The employees reported the
    comment to their manager, who reported it to human resources and ultimately the company’s
    insider threat program. An investigation revealed that John was angry because his role had
    changed with the new architecture. In addition, he was clinically depressed, off medication and
    had suicidal thoughts. The investigative results prompted a coordinated response among the
    insider threat program, security, legal and human resources. The threat was mitigated, with the
    final step of referring John to the employee assistance program.

Because the insider threat team was notified about one behavioral indicator of a high-impact event,
additional indicators were gathered and assessed to determine that John was a potential threat to the
company and to himself. In doing so, the company was able to intervene and proactively mitigate an
insider threat event before it occurred. The resulting cost and impact were minimal. By contrast, the
projected cost and impact of the cloud services being taken off-line for one day were very high.







            Copyright © 2020, Cyber Defense Magazine.  All rights reserved worldwide.