- Corporations face more insider risk due to the changing work environment, both in terms of increased remote work and growing employee turnover, a panel of experts speaking at the Mandiant Cyber Defense Summit said.
- Companies need to control how much access an employee has to sensitive data, according to Bob West, managing partner of West Strategy Group. By properly using identity access management tools, companies can minimize the amount of data workers handle.
- The whistleblower case involving former Facebook employee Frances Haugen, who testified yesterday before a Senate subcommittee, was an example of poor insider risk management, according to panelists. Haugen testified that Facebook ignored known threats to children, and also knew that it was amplifying behavior that posed a national security threat. Companies need to create an environment where workers felt they were being listened to and Facebook should have been able to detect that an employee was downloading thousands of sensitive documents, panelists agreed.
The discussion about insider risk comes at a critical time for U.S. companies. The record level of employee turnover, dubbed "The Great Resignation" has led to a sharp increase in insider risk, according to research from Code 42.
Data exposure events jumped 61% from the first quarter of 2021 to the second quarter of 2021, according to that report.
Companies need to strike a balance in how they monitor employee behavior, according to Ron Bushar, senior vice president and CTO at Mandiant Government Solutions. Before coming to the company, Bushar worked at the Department of Justice, where he was part of a task force that dealt with insider threats.
"Why don't we make it gentle, but obvious to everybody who's dealing with sensitive data, that your actions are being monitored," he said.
Bushar said that by providing a subtle warning, an employee will get the message that if their actions were unintentional, there might be a way to influence the behavior so that a situation can be resolved before it escalates into a much more serious encounter.
Companies need to do a better job of understanding how to protect their intellectual property, according to Gunnar Newquist, client advisor at Strider. The theft of intellectual property has been the subject of numerous cybersecurity leaks involving nation-state operations. By gaining a better understanding of intellectual property, companies will be able to take proactive measures to prevent these types of data thefts, such as briefing employees on how to avoid being lured into such incidents.
CISA launched a tool called the Insider Risk Mitigation Program Evaluation late last month, which is designed to help companies do a self-assessment to find out if they have the proper technology and processes in place to better manage insider threats.
The tool is designed to help organizations determine whether they have the ability to proactively limit the amount of risk they have from insider threats and if they are exposed to some sort of data theft or sabotage, whether they have the ability to contain and remediate the damage.