Security leaders must first involve their employees if they want to deliver an effective insider risk program, an expert argued today at Infosecurity Europe.
On the second day of the cybersecurity conference, Donna Goddard, head of security engineering at Adarma Security, argued that transparency is key to the success of these efforts.
Security leaders need to reframe the role of such programs so that employees get something of value from them, she said. This could be security expertise that helps prevent a crime that could ultimately get an individual fired, or new behavior that helps protect an employee’s personal information.
“It’s just as important to protect our employees as it is to protect our company,” she insisted. “If they have confidence in you, they may actually come to you actively with their problems.”
Proofpoint’s resident CISO, Andrew Rose, added that all individuals involved in an incident should be presumed innocent from the start. This is especially important because it can be difficult to determine initially whether a DLP event is intentional or accidental, as staff continue to change the way they work in pursuit of agility and efficiency.
Goddard argued that the key here is to “put objectivity into the process” and derive as much contextual information as possible to reach the right decision.
It’s also important to ensure that the right people are engaged in dealing with data loss and insider risk incidents, he added.
“SOC people don’t necessarily have the right skill sets for this kind of work,” she argued. “Can she successfully use a SOC analyst to fix an inherently broken business process? Data owners should do that.”
Rose said that if an incident were caused by malicious intent rather than insider negligence, SOC analysts would be focused on neutralizing the threat at all costs, so they would not have the evidence needed for subsequent litigation. There is also the risk of concealment, he added.