The insider threat. It could be the malicious insider who intentionally sets out to commit fraud, steal intellectual property or cause damage. Or else it could be the so-called "accidental insider" who makes a mistake or is taken advantage of by an external threat actor. Either way, the business impact is real, and it's causing more organizations to adopt an active defense against insider threats. This topic has come up repeatedly at our global summits - most recently in London, where Christopher Greany, head of group investigations at Barclays, a British multinational investment bank and financial services company, addressed the insider threat. His focus is on three prospective threats: The foolish, the lazy and the criminal. To reach each of these groups, Greany's organization has dedicated itself to ongoing training. "That is the battle: to change the culture and the mindset of people in the organization to understand the threat that is coming up on their desktop or their laptop," Greany says. And it's a continual process. "We keep rolling it through, and we keep reminding people. When we stop the education, people relax again."
Insider threat is also a theme from Tony Pepper, co-founder of Egress Software Technologies, who spoke at our recent NYC Security Summit. Pepper feels that global legislation such as GDPR has put a new onus on organizations to prevent data leaks as a result of insider threats. "The responsibility and the accountability, now, is on the end user to understand what data is sensitive." Pepper says. "What technology vendors have got to do is to build tools around the user to help them in their day-to-day job by ultimately avoiding a data security issue." You can read complete transcripts of exclusive interviews with Greany and Pepper in this latest edition of the Security Agenda.
And remember: Please look ahead to 2019's slate of global fraud, breach prevention and security summits - some of them in new regions for ISMG. Find one - or more - near you and join our vocal membership.