The vast majority of companies have embarked on establishing an insider-threat program, but most struggle to create mature processes for detecting and responding to employee-created risk.
In its Insider Threat Report published last year, for example, Crowd Research Partners found that while 86% of organizations had embarked on creating a program, most were still developing the policies and programs, and only a third of all companies considered their insider-threat program to be mature.
The stakes can be high for companies: A badly implemented insider-threat program can alienate employees if they feel their privacy is being compromised by too much monitoring or that management is too quick to suspect workers of foul play. In a research paper published this week, Forrester Research found that many of the current insider-threat programs may violate new privacy laws and the more draconian programs may undercut employee performance, says Joseph Blankenship, vice president of research for Forrester.
"If you get the response wrong, and that employee goes out and gets a lawyer, you open yourself up to a world of hurt," he says. "So finding the right response and protecting employee's privacy are the most important aspect of an insider threat program."
Blankenship sees 2020 as the year that many companies will get insider-threat protection right by focusing not only on risk reduction, but privacy, transparency, and employee experience. While most financial service firms and any company dealing with sensitive data may already have mature processes in place to detect insider abuse, most other companies are not so well-prepared, he says.
"2020 will be the year that we take the in ..
Support the originator by clicking the read the rest link below.
