Raconteur - Rethink Insider Threat and Data Loss Prevention
A healthy dose of paranoia is understandable and often even necessary in cybersecurity, but in the case of insider threats – where the risk lies within the organisation like a Trojan horse – leaders must strive to avoid internalising a frenzied monomania that views every employee as a menace. After all, “it is more shameful to distrust our friends than to be deceived by them,” said Confucius.
But the unfortunate truth is that improperly managed staff can cause an eye-watering amount of damage, whether due to negligence, because they’ve been targeted, or malice. A Ponemon report conducted on behalf of Proofpoint claimed insider threats caused as a result of compromised insiders almost doubled since 2020, when much of the world was working remotely due to the pandemic, and the average annual remediation cost for insider-led incidents caused by careless or negligent users was a staggering $6.6m. This is all complicated by the emergence of a hybrid work world, where the traditional understanding of perimeter defence no longer applies and ‘bring your own device’ was flipped on its head – with staff bringing their work into their homes and therefore all the devices in them.