The insider threat. It could be the malicious insider who intentionally sets out to commit fraud, steal intellectual property or cause damage. Or else it could be the so-called "accidental insider" who makes a mistake or is taken advantage of by an external threat actor. Either way, the business impact is real, and it's causing more organizations to adopt an active defense against insider threats. Christopher Greany, head of group investigations at Barclays addressed the insider threat in a recent interview. "That is the battle: to change the culture and the mindset of people in the organization to understand the threat that is coming up on their desktop or their laptop," Greany says. And it's a continual process. "We keep rolling it through, and we keep reminding people. When we stop the education, people relax again."
Insider threat is also a theme from Tony Pepper, co-founder of Egress Software Technologies. Pepper feels that global legislation such as GDPR has put a new onus on organizations to prevent data leaks as a result of insider threats. "The responsibility and the accountability, now, is on the end user to understand what data is sensitive." Pepper says. "What technology vendors have got to do is to build tools around the user to help them in their day-to-day job by ultimately avoiding a data security issue." You can read complete transcripts of exclusive interviews with Greany and Pepper in this latest edition of the Security Agenda.