This article is part 3 of 3 in the “Insider Enterprise Threats” series, outlining effective policies and practices for combating insider cyber security threats (human behavior) to the modern enterprise.

Over the course of this series, we’ve broadly examined the dangerous but highly-overlooked cybersecurity threat of malicious insiders. As discussed, insiders can take the form of employees, contractors, or really anyone with legitimate and credentialed access to your data, systems and other digital services.

In the first article, we profiled these insider threats and analyzed their implications for user activity monitoring, whereas in the second article, we examined technical methods for securing technology itself against these threats. In this third and final piece, we’ll examine how to address and combat insider threats through monitoring non-cyber behavior and building a strong security culture.

How can Human Behavior be aligned to an insider threat?

As previously discussed, “regular” insiders may turn malicious for a variety of reasons. Rarely, however, do these causes originate in cyberspace; instead, it’s often the physical world that produces the trigger. It is therefore essential to monitor employee behavior outside of the cyber domain to better inform threat mitigation. (Many insider threat programs refer to this portion as “continuous and persistent surveillance.”)

Technology lowers the barrier to malicious insider activity. Stealing files on a USB drive, for instance, is less intimidating than stealing folders from a filing cabinet just as posting credentials on a website is easier than breaking into a locked office. Our risk perceptions are also fundamentally skewed in the cyber domain; because we lack a cyber lexicon and a historical understanding of cyberspace, our ability to reason logically and rationally is seriously inhibited the moment we’re in front of a screen. Those already at risk for physical malicious behavior are at an (Read more...)