As we prepare to join the security community at the Insider Risk Summit on September 17, a few speakers have kindly agreed to share their perspective on insider risk.
First up is Peter Hadjigeorgiou, a senior security relationship manager at Code42. Peter works on designing, developing, and deploying insider threat and data protection programs to enhance an organization’s ability to prevent, detect and respond to insider threats. He previously held roles as a consultant to public and private sector entities and worked on internal security teams for Deloitte and NetApp.
Code42: Why is insider risk a more important area than ever for organizations to address?
Peter: Insider risk isn’t really a “new” problem. It’s been with us, well, forever. But it manifests in different ways over time. My mentor, Dr. Mike Gelles, likes to use the phrase “from brick and mortar to bits and bytes” when talking about the evolution of insider risk. Back in the day, you heard stories about crooked FBI or CIA agents stealing physical documents from offices and doing dead drops under park benches in rural Virginia. Today, exfiltrating information is easier than ever and the response to this challenge has necessarily transitioned to the cyber realm. As more companies depend on the sanctity of their intellectual property, the need for data protection is growing increasingly important.
Code42: What predictions do you have regarding insider risk and how security will continue to adapt?
Peter: I’d predict that insider risk programs will trend away from technical controls and restrictions, and move increasingly towards comprehensive solutions, involving security and awareness training, corporate culture and the “human firewall.” Tesla’s recent huge win, where an employee actively chose not to become an insider and instead notified security and worked to support the investigation, is an example of this shift. Given the pace of change in technology and increased use of collaboration tools, we simply can’t stay ahead of malicious insiders with tech alone. I think we’ll start to see more organizations put insider risk solutions at the center of their security programs, rather than building increasingly complex amalgamations of hardware and software.
Code42: What’s one piece of advice for teams considering an insider threat program?
Peter: Start small, find the low hanging fruit. Whether that’s departing employee data exfiltration or being hyper-focused on a certain set of strategic data assets, don’t try to build a mature program all at once. A phased approach allows teams to understand the people, processes and technology implications of the desired end state insider program.
Code42: In your experience, what technical capabilities have made the greatest impact in reducing insider risk?
Peter: Identity and Access Management tools and Endpoint security tools.
Code42: What’s one false assumption many teams/leaders/execs have about insider threat programs?
Peter: The belief that standing up an insider threat program will eliminate data theft entirely often leads to misalignment and unrealistic expectations. Some leaders think there is a way to get to zero data loss, but it’s a losing battle that could ultimately have adverse consequences on the productivity of a workforce, the company culture and more. Accepting that you will lose data, but figuring out how to minimize it, and how to prevent the most critical items from being taken, is much more realistic.
Hear more from Peter in his Insider Risk Summit session, “Tales from the Insider Crypt: The Evolution of Insider Risk Maturity.” Register for this free event today.