Insider Threat And 80’s Song Lyrics
Recapping 'Managing the Insider Threat' expert panel discussion, a surprisingly good way to close 2021.
Share This Article:
As we neared the end of 2021, Anchoram was very pleased to sponsor a combined ISACA (Information Systems Audit and Control Association) and AISA (Australian Information Security Association) professional development event for their members in Canberra on 23 November. The theme was managing the Insider Threat with the event taking the form of an expert panel discussion chaired by Anchoram’s Lead Partner for Integrated Security Services, Craig Petrie.
After a long break from proceedings due to COVID-19, and flagged as one of the last opportunities for the Canberra cyber community to get together, the venue was near capacity with an excellent turnout from members of both associations.
The evening event proceeded with Craig setting the scene and reminding attendees that the Insider Threat is defined by The Attorney General’s Department handbook ‘Managing the insider threat to your business’ as:
“The threat posed by unauthorised access, use or disclosure of privileged information, techniques, technology, assets or premises by an individual with legitimate or indirect access, which may cause harm”.
– note that Insiders can be either malicious or non-malicious
Highlighting the widespread concern amongst the cyber community on this issue, the 2021 survey conducted by Gurucul provides valuable insight into the discomfort of organisations when dealing with insider threats. Some pertinent results from the survey include:
- 98% of respondents feel vulnerable to insider attacks
- 82% of organisations find it difficult to determine the actual damage of an insider attack
- 49% of organisations can’t detect insider threats or can only detect them after the data has left the organisation
- Only 11% of organisations consider their monitoring, detecting, and response to insider threats to be extremely effective.
Craig then posed some questions to the Panel based on a range of excellent questions from the attendees. A summary of key discussions and contributions from the Panel includes:
- Andre Remmers, Chief Security Officer provided valuable insight into protective security, patterns of behaviours, and the development of heat maps to assess risks and allocate resources. He stressed that the best defence is training and awareness, concluding that “we are all just one bad day away from being an insider”.
- Dave Turner, an Industrial Relations Executive examined the balance required with legal controls including privacy, workplace agreements, and the insider threat program. He also emphasised that maintaining the engagement of employees is crucial to counter the threat.
- Sean Hugo, a Deputy Chief Information Security Officer outlined an approach to managing the insider threat. This includes a combined capability of expert teams, systems, and continual improvements. He provided a few operational examples of insider threat and response to illustrate how the capability functions.
- Dr Lesley Seebeck, a leading Cybersecurity Academic Authority, advised that managing the insider threat is a continual process in an increasingly challenging cyber threat environment, stating that “CISOs have such a tough job”. Although the problem appears big, we should not ignore low-hanging fruit and should continue to innovate as the threats shift.
When Craig started quoting 80’s New Wave song lyrics to highlight a point, Anchoram’s CEO Glenn Ashe wisely thought it was time to wrap up proceedings. He thanked the Panel and their insights, thanked the audience and handed over to ISACA Canberra President Alistair Nicholson. Alistair thanked Anchoram for sponsoring the event saying that it was a great discussion on the multi-dimensional nature of the Insider Threat.
To kick off 2022, and continue with the theme of threats, Anchoram is very pleased to be sponsoring the ACS (Australian Computer Society) Leadership breakfast event on the 8th of February – THE FUTURE OF TECHNOLOGY IN INFORMATION WARFARE – presented by the Joint Head Information Warfare – MAJGEN Susan Coyle, CSC, DSM.
So, if you are dealing with a security issue and need support, then as Tears for Fears would say, “Shout, shout, let it all out”, and contact Anchoram.
Recapping 'Managing the Insider Threat' expert panel discussion, a surprisingly good way to close 2021.
Share This Article:
Categories
Subscribe
Subscribe to our newsletter and get the latest news and information from Anchoram.