The other thing for Insider is you have auditors show up and ask the age old question to check the box " Do you have a DLP solution " with a twisted wink and a nod. The C level person of your choice, slaps their knee and says "Well of course I do." With a wink in return. Neither one realizing a DLP is not an Insider threat program. People, processes and technology, not just a tool that most C suite sees as a AV for words - yes I have seriously had a C level person tell me that is what they think data loss tools do.
Great post. Insider threat is a little bit of an oddity in the land of cyber risks I think, in the sense that we all know how much of a threat it is but somehow it ends up rarely being top of mind.
The other thing for Insider is you have auditors show up and ask the age old question to check the box " Do you have a DLP solution " with a twisted wink and a nod. The C level person of your choice, slaps their knee and says "Well of course I do." With a wink in return. Neither one realizing a DLP is not an Insider threat program. People, processes and technology, not just a tool that most C suite sees as a AV for words - yes I have seriously had a C level person tell me that is what they think data loss tools do.
Great post. Insider threat is a little bit of an oddity in the land of cyber risks I think, in the sense that we all know how much of a threat it is but somehow it ends up rarely being top of mind.