From insider threat to insider asset: a practical guide

Presented at VB2017, Oct. 6, 2017, noon (30 minutes).

Over the last few years it has become painfully obvious that perimeter defences provide inadequate controls against threats that are already extant within the network. This realization has driven significant growth in the field of 'Insider Threat Protection', and adoption of a broad set of defences based upon monitoring and analytics. While we understand the value of this approach, our contention is that when all we focus on is technology, we create an adversarial and negative-incentive-based relationship between employee and employer, thereby failing to address (or even exacerbating) some of the foundational drivers for certain types of damaging insider behaviour. In this talk, we focus on what we believe to be the most effective way to mitigate insider threats: the fusing of technology with a modern and people-centric approach to proactive insider risk prevention. The simple truth, backed by considerable research, is that employees who feel engaged and valued in their jobs - those who are motivated by positive enforcement as well as negative consequence - present a significantly lower organizational risk. This incredibly important fact is oft overlooked, leaving an important tool in the risk management process unused. Our belief that the insider threat is best managed through a human capital and technology *partnership* is sufficiently strong that we present this session from the perspective of both human resources and technology executives, sharing the presentation just as we feel companies must share the ownership, construction, and management of a forward-looking insider threat program. The level of collaboration required far exceeds tangential contact at the borders of responsibility; it should instead enable a nuanced, positive, and people-centric approach to a challenging problem.
To this end, we present this talk as a team, working in partnership both to enable employees and protect critical data, and provide real-world guidelines for the rollout of such a program.

Presenters:

  • Kristin Leary - Forcepoint
    Kristin Machacek Leary serves as Chief Human Resources Officer for Forcepoint. She has more than 25 years of progressive leadership and human resources experience, including executive and leadership development, workforce planning, organizational development, talent and performance management and employee recruitment and retention. Before joining Forcepoint, Leary was the Chief Human Resources Officer at Alphatec Spine. Previously, Leary held HR leadership roles at Quintiles, Hewlett-Packard and Boston Scientific. Prior to 1996 Ms. Leary held senior management roles within Human Resources at Dayton-Hudson Corporation, Select Comfort Corporation, and Andcor Companies. Leary holds a Bachelor of Arts degree in organizational communications & English from Concordia College.
  • Richard Ford - Forcepoint
    Dr Richard Ford is the Chief Scientist for Forcepoint, overseeing technical direction and innovation throughout the business. He brings over 25 years' experience in computer security, with knowledge in both offensive and defensive technology solutions. During his career, Ford has held positions with Virus Bulletin, IBM Research, Command Software Systems and NTT Verio. He has also worked in academia, having held an endowed chair in computer security, and worked as Head of the Computer Sciences and Cybersecurity Department at the Florida Institute of Technology. He holds a Bachelor's degree, Master's degree and D.Phil. in physics from the University of Oxford.
