Corporate landscape shifts pose difficulties for maintaining security against internal threats

In the dynamic world of technology and business, the issue of insider risk has become a pressing concern for many organisations. This is particularly true in the current climate, where remote work and employee turnover are on the rise.

According to a report by Code 42, data exposure events increased by 61% from the first quarter of 2021 to the second quarter, highlighting the need for effective insider risk management. This issue came to the forefront with the whistleblower case involving former Facebook employee Frances Haugen, who testified before a Senate subcommittee about the social media giant's alleged disregard for known threats to children and national security.

The panelists at the Mandiant Cyber Defense Summit discussed the rising insider risk due to the changing work environment. They emphasised the importance of companies adopting robust identity access management tools, such as those suggested by Bob West, managing partner of West Strategy Group. West advocates for controlling an employee's access to sensitive data to minimise potential risks.

Another crucial aspect highlighted by the panelists was the need for companies to create an environment where workers feel heard. This could potentially prevent instances like the Facebook whistleblower case, where an employee felt compelled to come forward due to a lack of internal channels for addressing concerns.

The Cybersecurity and Infrastructure Security Agency (CISA), in collaboration with Carnegie Mellon University’s Software Engineering Institute, launched the Insider Risk Mitigation Program Evaluation tool last month. This tool is designed to help organisations self-assess their ability to manage insider threats proactively and respond effectively to data theft or sabotage if needed.

Gunnar Newquist, client advisor at Strider, emphasised the need for companies to better protect their intellectual property. He suggested briefing employees on how to avoid being lured into incidents of intellectual property theft, a concern that has been prevalent in numerous cybersecurity leaks involving nation-state operations.

Ron Bushar, senior vice president and CTO at Mandiant Government Solutions, emphasised the need for companies to strike a balance in how they monitor employee behaviour. He suggested a subtle warning to employees dealing with sensitive data, indicating that their actions are being monitored, as a potential deterrent for unintentional actions that could escalate into security threats.

In conclusion, the discussion about insider risk comes at a critical time for U.S. companies. By adopting robust identity access management tools, creating an environment where employees feel heard, and implementing proactive measures to manage insider risk, organisations can mitigate potential threats and ensure the security of their data and intellectual property.

Corporate landscape shifts pose difficulties for maintaining security against internal threats