More than 50% of cybersecurity incidents have an "insider" component, where one of your "trusted" partners (employees, contractors, suppliers, etc.) are involved, wittingly or unwittingly, in activity which causes or enables a cybersecurity breach. These partners often operate inside your enterprise's "circle of trust" which provides them with near, or totally, unfettered access to your IT infrastructure, bypassing the defenses tasked with securing your infrastructure and defensive perimeter. One approach to addressing this threat vector is the active monitoring of the activities of your insiders to identify risky or malevolent behavior in advance of an adverse cyber event. Of course, monitoring of "employees" often draws the attention of the Human Resources department who take a dim view of this intrusion in to the "privacy" of trusted partners. You can't have it both ways: What Price Security? A few thoughts from my most recent post for RSA Blog...