Developing an Insider Threat Protection Program That Reduces the Risk of Security Breach

April 9, 2019

Hikvision Outlines Roles and Responsibilities to Reduce Risk of Security Breach


The article “To eliminate insider threats, you’ll need more than technology” provides tips and insights for developing an insider threat protection program that reduces the risk of a security breach.

From the article: “In the realm of enterprise cybersecurity, it’s no secret that data breaches and cyberattacks have damaging effects. Despite the growing sophistication and prevalence of enterprise cybercrimes, the most concerning aspect of these incidents remains their source. A recent IBM study posited that today’s most damaging security threats were not the work of malicious outsiders or malware but that of trusted insiders, who were implicated in a shocking 60 percent of cyberattacks.”

The article provides several tips to help organizations establish an effective insider threat protection (ITP) program. These include:

  • Gain the buy-in of executives: Gaining the support of executives and key departments can help with securing adequate funds to implement tools, form teams, and craft policies. “Discuss the program in terms of the individual stakeholder, telling them how their concerns are addressed and covering how it directly benefits their part of the organization,” according to the article.
  • Get legal team input: Gain legal advice on relevant laws and regulations, privacy issues, and administrative or legal actions allowable by law against employees.
  • Outline processes: Define and outline the process for responding to an insider threat.
  • Inventory critical data: Keep records of where your organization’s critical data is located and which employees can access it.
  • Develop a broad view of internal threats: Internal threats can include company employees as well as contractors and vendors that access your network. From the article: “Enforce data protection on all teams—not just sales or engineering—to avoid gaps in protection. Senior officials who often have more access to sensitive data than they truly need are also targets of accidental (and malicious) [security] breaches that shouldn’t be ignored.”
  • Provide formal communication: Formalize communications that outline program terms and focus on data protection to avoid a security breach. “Include ITP program communication as part of the onboarding and annual training processes to generate awareness and set expectations. Openness and transparency with employees will help avoid issues by setting expectations, enlisting employees to be mindful protectors of critical data and deterring malicious breaches.”


Hikvision on Roles and Responsibilities to Reduce Risk of Security Breach


Hikvision’s cybersecurity director, Chuck Davis, outlined several roles and responsibilities to help reduce security breach risk in this HikWire blog. Below are tips from the article:

Manufacturers should:

  • Test software and hardware regularly
  • Respond to and communicate about vulnerabilities quickly
  • Create good documentation and education on cybersecurity best practices

Installers, resellers, and architects should:

  • Understand and educate themselves on cybersecurity best practices
  • Create network architectures and support models that promote those practices
  • Regularly communicate with manufacturers about potential threats and vulnerabilities
  • Ensure that firmware is up to date on installed equipment and that default passwords are changed to complex ones

Owners/End users should:

  • Understand that they own, and are responsible for, the devices that they put on the Internet
  • Keep firmware and patches up to date by either maintaining those devices or keeping a support contract with someone who will
