What's next: trends in insider threat

Mitigating and maturing your insider threat program.


Hi, I am Shane Sims and I am with KPMG’s cyber security defense team.

News reports and media coverage involving the topic of insider threat has continued to increase over the past few years. Reducing business risk caused by someone with authorized access to systems and data, can be a complex challenge for any organization. The management of the insider threat challenge spans multiple businesses functions: it’s not solely an IT problem. When IT owns the issue of insider threat, the result is a technology purchase that often doesn’t integrate all of the required business functions.

Start with developing the right strategy for your organization. The strategy will determine whether new technology is even needed. Often, with the right strategy, existing technology investments can be leveraged. The right strategy will identify and operationalize elements of HR, Ethics, Compliance, Security, Procurement, and IT. It will also include concepts learned from those with government counterintelligence experience.

From my experience with insider threats which spans over 20 years now - the top 2 insider threats to trade secrets, other sensitive business information, and personal information have been:

  1. IT and security professionals with elevated privileges needed for their job and gives them access to all systems, applications, and data.
  2. And other professionals with direct access to the data because of their job responsibilities - including people who actually apply for these positions to get that access and accomplish their intended threat objective.

There are also other forms and a variety of influences to the insider threat. Common causes include:

  • Foreign intelligence agencies and corrupt competitors.
  • Personal financial challenges.
  • Political or social activism.
  • To support an external career move or start a business.
  • Fear of being laid off.
  • And disgruntled employees because of no pay raise or bonus.

To help mitigate these type of threats, Board Directors should consider some key questions to improve the governance of insider risk:

  • Have we defined our Trade Secrets and identified a financial value?
  • Who is in charge of insider threat management?
  • What is the company’s strategy?
  • How many detected security incidents related to our trade secrets are attributed to insiders?
  • What was the impact of these insider incidents?
  • What are other companies in our industry doing to manage insider risk?

At KPMG, we have developed an insider threat management framework and we use it to help our clients develop a roadmap to begin - or improve - insider threat management. We’ve also leveraged our framework internally at KPMG to help us drive down insider risk ourselves.

So remember – it takes a strategy-first approach to reduce insider risk. If your organization is concerned about insider risk and you want to take action, we would love the opportunity to connect with you to see how we can help mature your organization’s insider threat management program. Thank you for taking the time to watch this video and we look forward to hearing from you.