We’d like to think of our coworkers as trusted team members, collaborating on a shared mission to make positive contributions to the well-being of the company. For the most part, this is true, but we must also recognize that our coworkers are individuals who may conduct themselves in ways that are detrimental to the company. Sometimes these actions are not malicious in nature, such as when a person, in the course of their workday, accidentally shares a file in a manner that lets the entire world see the contents. Other times an actor is perfectly aware that they are acting against the organization’s interests, with disregard for the consequences of their actions.
Understanding the difference between insider threat and insider risk
Insider threats like this are particularly difficult for security teams to stop because insiders already have access to applications and data. It is the user’s actions and their unseen motivations that cause the insider to become a threat. Limiting access to only the resources that are necessary to a person’s role is a good first step, but organizations struggle to define what the right policies are. How many different types of users are there? What actions could they possibly take? What circumstances rais