July 5, 2017

IT Leadership Meeting Recap: Building an Insider Threat Program

Have you ever thought that a breach could be caused by someone internally? Well, it is more common than you think; in fact, it was stated that 77% of breaches are attributed to insiders. That means your co-worker, your manager, or someone that sits right next to you, could be stealing company information. Surprisingly, with a number so high, it seems that not many organizations have a program in place to protect them from insiders. But, thanks to Jadee Hanson, Director of Security at Code42, our IT Leadership group dove deeper into Why & How to Build an Insider Threat Program, and left the meeting with a better understand of why this type of program is so important to have.

So, what is an insider threat? “An insider threat is a malicious threat to an organization that comes from people within the organization, such as employees, contractors or vendors, who have inside information concerning the organization's security practices, data and computer systems”; whereas, an outsider threat is when an individual or a group seeks to gain private/protected information by hacking an organization’s system.

Internal breaches are more common than people think and can happen to any organization at any time. Therefore, it is extremely important to be prepared and have a program in place that works on preventing it from happening. Insiders can steal anything and everything and can cause great financial harm. So now you may be asking, what can you do to get this program started in your company? It isn’t easy and isn’t something that will happen overnight, but here are a few simple steps to get you started on this journey.

Planning Before Tech

  • Plan, plan, plan before you implement any technology!


  • This program is broader than IT and security, so it is important that you bring in human resources, legal, etc. into the planning and implementation


  • Start small and monitor employees on performance plans, employees that submitted their 2-week notice, and date moving a cloud storage location

Incident Response

  • What will you do if someone does steal?

Throughout the entire journey, it is crucial that you communicate and make sure people are aware of the program and understand why you are it. The more you communicate and the more transparent you are, the easier it will be to get people to accept the change and the more likely you will deter behavior. 

Need some help? Be sure to check out these resources!

  • SW Engineering Institute Carnegie Melon
  • The CERT Guide to Insider Threat

How does your organization work to manage insider threat? 

Think IT Blog CTA (1) (2)

Posted by: Rachel Gaffney

Tags:  IT Leadership, Meeting Recap, IT Leadership Group, Security

Social Media Policy

No comments yet. Be the first!

Your Comment:

*This will not be displayed.