The 2023 Insider Threat Report from Cybersecurity Insiders found that 74% of organizations are moderately vulnerable to insider threats. Insider threats have become a serious worry for many executives – not only do I hear concerns about insider threats from organizations looking to bring on a CISO, but also from CISOs themselves.
Despite this, insider threats are often not acknowledged because they create tension between coworkers and peers. Being concerned about insider threats might imply the company worries that its coworkers are behaving unethically. No one wants to think the worst in people, but insider threats are a genuine danger to all organizations.
That said, CISOs must protect both a company’s product and its employees from malicious actors. By acknowledging and addressing insider threats, CISOs can show they care for their coworkers by keeping them – and their accounts – safe from exploitation, as opposed to being suspicious of them.
The protocols a CISO would follow if an employee’s account was taken over by an external bad actor with nefarious intent are virtually identical to those taken to protect from similar actions by the employee themselves. The difference is that a CISO can prevent an insider threat through a combination of those existing measures and additionally ensuring that employees recognize that these protocols are in place for their own protection – and not because the company doesn't trust them.
Here's my advice for empathetically addressing insider threats from the get-go and how to facilitate a thoughtful and actionable dialogue around navigating insider threats within the organization:
As a CISO, it’s in my nature to be sensitive to the risk of malware or account hijacking, but the consequenc ..
Support the originator by clicking the read the rest link below.
