Developing an Insider Threat Protection Program That Reduces the Risk of Security Breach
Hikvision Outlines Roles and Responsibilities to Reduce Risk of Security Breach
The SecurityInfoWatch.com article “To eliminate insider threats, you’ll need more than technology” provides tips and insights to develop an insider threat protection program that reduces the risk of security breach.
From the article: “In the realm of enterprise cybersecurity, it’s no secret that data breaches and cyberattacks have damaging effects. Despite the growing sophistication and prevalence of enterprise cybercrimes, the most concerning aspect of these incidents remains their source. A recent IBM study posited that today’s most damaging security threats were not the work of malicious outsiders or malware but that of trusted insiders, who were implicated in a shocking 60 percent of cyberattacks.”
The article provides several tips to help organizations establish an effective insider threat protection (ITP) program. These include:
- Gain the buy-in of executives: Gaining the support of executives and key departments can help with securing adequate funds to implement tools, form teams, and craft policies. “Discuss the program in terms of the individual stakeholder, telling them how their concerns are addressed and covering how it directly benefits their part of the organization,” according to the article.
- Get legal team input: Gain legal advice on relevant laws and regulations, privacy issues, and administrative or legal actions allowable by law against employees.
- Outline processes: Define and outline the process for responding to an insider threat.
- Inventory critical data: Keep records of where your organization’s critical data is located and which employees can access it.
- Develop a broad view of internal threats: Internal threats can include company employees as well as contractors and vendors that access your network. From the article: “Enforce data protection on all teams—not just sales or engineering—to avoid gaps in protection. Senior officials who often have more access to sensitive data than they truly need are also targets of accidental (and malicious) [security] breaches that shouldn’t be ignored.”
- Provide formal communication: Formalize communications that outline program terms and focus on data protection to avoid a security breach. “Include ITP program communication as part of the onboarding and annual training processes to generate awareness and set expectations. Openness and transparency with employees will help avoid issues by setting expectations, enlisting employees to be mindful protectors of critical data and deterring malicious breaches.”
Click here to read more from the article.
Hikvision on Roles and Responsibilities to Reduce Risk of Security Breach
Hikvision’s cybersecurity director, Chuck Davis, outlined several roles and responsibilities to help reduce security breach risk in this HikWire blog. Below are tips from the article:
- Test software and hardware regularly
- Respond to and communicate about vulnerabilities quickly
- Create good cybersecurity best practices documentation and education
Installers, resellers, and architects should:
- Understand and educate themselves on cybersecurity best practices
- Create network architectures and support models that promote those practices
- Regularly communicate with manufacturers about potential threats and vulnerabilities
- Ensure that firmware is up to date on installed equipment and that passwords are changed from default to complex
Owners/End users should:
- Understand that they own, and are responsible for, the devices that they put on the Internet
- Keep firmware and patches up to date by either maintaining those devices or keeping a support contract with someone who will