Mitigating and maturing your insider threat program.
Hi, I am Shane Sims and I am with KPMG’s cyber security defense team.
News reports and media coverage involving the topic of insider threat have continued to increase over the past few years. Reducing business risk caused by someone with authorized access to systems and data can be a complex challenge for any organization. The management of the insider threat challenge spans multiple business functions: it’s not solely an IT problem. When IT owns the issue of insider threat, the result is a technology purchase that often doesn’t integrate all of the required business functions.
Start with developing the right strategy for your organization. The strategy will determine whether new technology is even needed. Often, with the right strategy, existing technology investments can be leveraged. The right strategy will identify and operationalize elements of HR, Ethics, Compliance, Security, Procurement, and IT. It will also include concepts learned from those with government counterintelligence experience.
From my experience with insider threats, which spans over 20 years now, the top 2 insider threats to trade secrets, other sensitive business information, and personal information have been:
There are also other forms and a variety of influences on the insider threat. Common causes include:
To help mitigate these types of threats, Board Directors should consider some key questions to improve the governance of insider risk:
At KPMG, we have developed an insider threat management framework and we use it to help our clients develop a roadmap to begin - or improve - insider threat management. We’ve also leveraged our framework internally at KPMG to help us drive down insider risk ourselves.
So remember – it takes a strategy-first approach to reduce insider risk. If your organization is concerned about insider risk and you want to take action, we would love the opportunity to connect with you to see how we can help mature your organization’s insider threat management program. Thank you for taking the time to watch this video and we look forward to hearing from you.