Most companies have an eye on the intruder, the hacker, but how many of them are keeping an eye on their own staff?
A Ponemon Study from earlier this year shows that most companies don’t have enough information to know if their own employees are putting them at risk. It’s not that employees are doing anything malicious (although they may be); the problem is knowing what expected behavior is and what anomalous behavior is. It may be fine that you are accessing hundreds of folders as part of your position, but it’s more likely that you are touching all of that data improperly. Companies need to understand who is accessing data, and whether that access is expected behavior given one’s position or a sign that something is wrong.
How do you do that? A Data Governance policy aligned with other information within the organization will allow you to create correlations and identify areas of risk. It’s not easy or straightforward: there is a great deal of thought, understanding and native intelligence that has to be harnessed. But it’s attainable with the right amount of effort and support from senior levels within an organization.
Who is your biggest internal threat?