The National Counterintelligence and Security Center (NCSC) and the National Insider Threat Task force (NITTF) partnered with US government agencies to kick off the second National Insider Threat Awareness Month this September. National Insider Threat Awareness Month was started in September 2019 with the goal to educate federal and industry employees about the risks posed by insider threats and encourage employees to recognize and report anomalous activities. The theme for this year’s National Insider Threat Awareness Month is “resilience” and promotes the development of programs that boost personal and organizational resilience to mitigate risks.
Insider threat remains one of the leading causes of breaches within organizations. Insider incidents include accidental misuse or carelessness, credential compromise, and malicious insiders who abuse their access to purposefully take data.
Insiders have a unique understanding of systems and access to critical data such as personally identifiable information (PII), payment card information (PCI), and intellectual property (IP). Intellectual property theft by insiders has garnered a lot of attention recently due to criminal prosecutions for stealing trade secrets, such as for Anthony Levandowski, a former Alphabet engineer who was recently sentenced to 18 months in prison after being prosecuted for the alleged theft of trade secrets from his former employer.
Defending against insider threats requires a focused approach. You can learn more about building an insider threat program in my report, “Best Practices: Mitigating Insider Threats.”
Not only is September National Insider Threat Awareness Month, Forrester’s annual Security & Risk Forum is also taking place September 22–23. Among the many other interesting security topics being covered during this year’s Forum, I am hosting a session titled “Stopping Insider Threats With Zero Trust” that will show how Forrester’s Zero Trust model protects against insider threats.
(written with Alexis Bouffard, research associate at Forrester)