More than 50% of cybersecurity incidents have an "insider" component, where one of your "trusted" partners (employees, contractors, suppliers, etc.) are involved, wittingly or unwittingly, in activity which causes or enables a cybersecurity breach. These partners often operate inside your enterprise's "circle of trust" which provides them with near, or totally, unfettered access to your IT infrastructure, bypassing the defenses tasked with securing your infrastructure and defensive perimeter. One approach to addressing this threat vector is the active monitoring of the activities of your insiders to identify risky or malevolent behavior in advance of an adverse cyber event. Of course, monitoring of "employees" often draws the attention of the Human Resources department who take a dim view of this intrusion in to the "privacy" of trusted partners. You can't have it both ways: What Price Security? A few thoughts from my most recent post for RSA Blog...
| less than a minute read
Cybersecurity and Insider Threats - The Frenemy Dilemma
Insider attacks tend to be a bigger threat than outsider attacks. Insiders can do more serious harm than external hackers because they have easier access to systems and a much greater window of opportunity. It’s also hard to detect them because they often look like everybody else in the network.