The insider threat and organizational culture
We have been busy working on solving the insider threat problem in a new way and we can’t wait to show you our answer next week at the RSA Conference.
The insider threat represents 50%-70% of security breaches (depending on who you’re listening to). Despite its size and significance, the problem remains intractable for two main reasons.
Firstly, the human element plays a key part in it, and humans are notoriously hard to read and predict.
Secondly, at its heart, it is an organizational culture issue. How are you sharing information within your organization? Traditionally, the answer has been “on a need to know basis”, especially within military and intelligence circles, but also within large private institutions. Increasingly, however, companies are realizing that it is much more effective (and fun!) to be radically transparent with smart accountability. Unfortunately, accountability in this context is ill-defined and no one has quite cracked it yet. How will you differentiate between the curious employee trying to learn how the company operates and a rogue one vacuuming up confidential information before quitting? Or the employee legitimately using a USB disk and another using it for data exfiltration?
The trade-off for organizations that are eager to have an open culture is that their intellectual property remains accessible to a large number of people, without a scalable privacy-friendly way of finding the needle in the haystack.
Please come visit us at booth 1743 at the RSA Conference to find out more, and join us on this exciting journey!
Chief Executive Officer
Hani has 17+ years’ experience in security related roles, including systems, networks, and software security. Since becoming one of the youngest Cisco Certified Internetwork Experts in security worldwide in 2004, Hani has built multiple commercially successful security products for long-established companies and startups.