The insider threat peer report Peer inside your contemporaries' internal security

The nature of security often means it must be cloaked in secrecy. Organisations don’t want to talk about their approach to keeping digital assets safe, as the thinking goes that the more information that is out there, the more vulnerable they are.

This means that a lot of security professionals can feel like they are working in a bit of a vacuum. Security is never going to have the same kind of knowledge sharing economy that other areas of IT, or indeed business in general, have. The opportunities for security professionals to discuss their strategy, or even just broader opinions about the job they do, is rarer than it is for other disciplines. This issue can be magnified for IT professionals for whom security is just one aspect of their job, as it means it is always the one they are least able to discuss.

In the area of insider threat especially, many IT and security professionals are not at ease discussing the behaviours of their own users, or how they manage internal processes.

That is why we have produced ‘The insider threat peer report’. We found a few senior IT and security professionals, working in diverse industries spanning education, government, FMCG, finance and health, to tell us a bit about their views on internal security.

This report is not about case studies, or an in depth look into any of these organisations’ security strategies. It is a rare opportunity to get insight into the views and opinions of your peers on the topic of insider threat.

Who is quoted in this report?

All quoted contributors to this report are IS Decisions customers, spanning industries from education to finance, pharmaceuticals to FMCG.

University of Auckland

Hinne Hettema
IT Security team lead, University of Auckland

Forreston State Bank

Christopher Cronau
Vice President, Forreston State Bank

Bellicum Pharmaceuticals

Joseph Reyes
IT Manager, Bellicum Pharmaceuticals

The Scenic Route

John Giordiano
IT Manager, The Scenic Route

Criterion Systems

Adam Cotton
Cyber Security Analyst, Criterion Systems

Dylan

Dylan
IT Manager, Undisclosed

Moet Hennessy do Brasil

Michel Tagami
Support Coordinator, Moet Hennessy do Brasil

What is your Greatest security threat?

In our research for the Insider Threat Manifesto, a survey of 1,000 IT professionals told us ‘insider threat’ came fourth on their list of security priorities. But our peer report contributors place a higher emphasis than average on internal security.

What is your greatest security threat?
What type of employees pose the greatest security threat?

Technology and training: Tackling insider threat

How important a role do you think user training takes in tackling internal security?
Are technology or social led measures more effective?

Insider threat on the Organisational priority list

Beyond IT and security, are there any other parts of an organisation that you think could help mitigate internal security risks?

Insider threat on the organisational priority list Senior Management

Our recent research showed 47% of those in senior management roles consider employees to be in their top three security concerns, behind hacking and viruses.
Data loss
Employees
Virus
Hacking
When speaking with senior executives how do your ensure others understand the security issues and risk involved?
How do attitudes to security differ accross users?

Percentage of desk-based workers who have shared their work login details with at least one other person, split by age:

16 - 24

25 - 34

35 - 44

45 - 55

55+

The future Of security and insider threat

What tech trends do you think are impacting internal security?
What does the future hold for internal security?

Any words of advice?