Intelligent CISO Issue 24 | Page 41

EXPERT OPINION

How C-level execs can better understand insider risk

In the digital era, it is easy to be blinded by the lights of new technologies. However, this can cause us to disregard the factors which pose a threat to insider risk. Tony Pepper, CEO, Egress, discusses insider breach risks and suggests the way we understand and manage insider risk needs to change to comply with today’s data security challenges.

Tony Pepper, CEO, Egress

Insider data breach risk has existed for as long as companies have, but its nature, its impact and a business’s ability to control it have changed dramatically in the digital, data-driven age. As a valuable commercial asset, data is a target for theft by malicious actors within and outside the business, while as a regulated liability, it must also be protected from accidental loss or exposure. Data security is a board-level concern and gaining a better understanding of insider breach risk helps directors ensure it is managed effectively.

The digital workplace puts data on the front line

The first step in understanding the evolution of insider breach risk is to acknowledge the effect of the unprecedented transformation of the workplace and of employees’ relationship with technology and data. Increased mobility and the rise of remote, flexible working mean human–digital interaction is near constant. This blurs the lines between work and home life, creating an ‘always-on’ culture where employees juggle diverse priorities simultaneously. At the same time, data volumes have increased exponentially and businesses have become hyperconnected, providing workers with multiple channels for data sharing. Yet, despite these immense changes, employees remain the same: as fallible and fundamentally human as ever.

So, we’re looking at a world where a single mistake made by a pressured employee – a mistyped email address or response to a phishing email – can cause an accidental breach of huge scale and devastating impact, while employees with malicious intent have every tool they need at their disposal. We ask our workforce to do more, share more and make snap judgements about data sensitivity, appropriate protection and the authenticity of email correspondents, all at the relentless pace of competitive business. This is set against a backdrop of punitive data protection regulations. This is