From insider threat to insider asset: a practical guide

Friday 6 October 12:00 - 12:30, Green room

Kristin Leary (Forcepoint)
Richard Ford (Forcepoint)

Over the last few years it has become painfully obvious that perimeter defences provide inadequate controls against threats that are already extant within the network. This realization has driven significant growth in the field of 'Insider Threat Protection', and adoption of a broad set of defences based upon monitoring and analytics. While we understand the value of this approach, our contention is that when all we focus on is technology, we create an adversarial and negative-incentive-based relationship between employee and employer, thereby failing to address (or even exacerbating) some of the foundational drivers for certain types of damaging insider behaviour.

In this talk, we focus on what we believe to be the most effective way to mitigate insider threats: the fusing of technology with a modern and people-centric approach to proactive insider risk prevention. The simple truth, backed by considerable research, is that employees who feel engaged and valued in their jobs – those who are motivated by positive enforcement as well as negative consequence – present a significantly lower organizational risk. This incredibly important fact is oft overlooked, leaving an important tool in the risk management process unused.

Our belief that the insider threat is best managed from human capital and technology partnership is sufficiently strong that we present this session from the perspective of both human resources and technology executives, sharing the presentation just as we feel companies must share the ownership, construction, and management of a forward-looking insider threat program. The level of collaboration required far exceeds tangential contact at the borders of responsibility, but instead should enable a nuanced, positive, and people-centric approach to a challenging problem. To this end, we present this talk as a team, working in partnership both to enable employees and protect critical data, and provide real-world guidelines for the rollout of such a program. 










Other VB2017 papers

XAgent: APT28 cyber espionage on macOS

Tiberius Axinte (Bitdefender)

This paper provides an in-depth analysis of the macOS version of the APT28 component known as XAgent. We will dissect the…

Walking in your enemy's shadow: when fourth-party collection becomes attribution hell

Juan Andres Guerrero-Saade (Kaspersky Lab)

Costin Raiu (Kaspersky Lab)

Attribution is complicated under the best of circumstances. Sparse attributory indicators and the possibility of overt…

Keynote address: Inside Cloudbleed

John Graham-Cumming (Cloudflare)

In February 2017, Cloudflare was revealed to have been leaking private information including HTTP headers, cookies and POST data…