12 steps to address insider threat


How 500 IT Professionals are addressing the Insider Threat.

If you are one of the third of IT professionals expecting to implement an insider threat program in the next year, here is a guide to help ensure that it's set for the future of internal security.

The lessons from recent high-profile security breaches underline how IT professionals are looking to take a joined-up approach of better user education and technology solutions across the whole enterprise.

Technology is available that helps secure access to company resources, protect against outside attacks, and protect users from their own careless behavior.

We’re also seeing a change in the way consumers view companies and their security policies. If IT professionals' call for more responsibility from the board is not being heard, perhaps the message coming from consumers soon will be.

Looking further ahead, IT professionals know there is no silver bullet. The layered approach is more relevant than ever. Security is still, and will continue to be, built in layers to provide better protection, while there’s agreement that more needs to be done to create national and international standards.

The 12-step guide below helps ensure that your Insider Threat Program is set for the future of internal security. All data for this guide is from the IS Decisions’ research report User Security in 2015: The Future of Addressing Insider Threat, a study into the opinions and immediate plans of 500 IT decision makers in regard to tackling the insider threat.

1. Educate users
57% of Insider Threat Programs will include organization-wide security training.

2. Use technology
66% of Insider Threat Programs include software solutions (technology, data and tools).

3. Consider partners and supply chains
66% of I.T. Professionals believe organizations need more secure control over partners and supply chains.

4. Include a post-employment process
36% of employees have continued to have access to systems or data from an employer after they have left a job.

5. Consult external sources

6. Stay up to date
91% of organizations believe the I.T. Industry needs to work harder to collaborate and address insider threats.

7. Educate senior management
57% of I.T. Professionals believe their organization's senior management does not take enough responsibility for internal security.

8. Get C-level commitment and buy-in
Currently the I.T. Department (80%) takes responsibility for insider threat in nearly twice as many organizations as the C Suite (43%) does.

9. Implement greater user access restrictions and control
Applying stronger user restrictions is cited as the No. 1 (top) result for how to address user security.

10. Generate user alerts
53% expect user alerts triggered by specific actions to be a key method for I.T. Professionals to grow awareness of security issues.

11. Take a multi-layered approach
75% of I.T. Professionals believe that bio-metrics

