EXPERT
OPINION
How
C-level
execs
can better
understand
insider risk
In the digital era, it is easy to be blinded by the lights
of new technologies. However, this can cause us to
disregard the factors which pose a threat to insider
risk. Tony Pepper, CEO, Egress, discusses insider
breach risks and suggests the way we understand
and manage insider risk needs to change to comply
with today’s data security challenges.
Tony Pepper,
CEO, Egress
nsider data
I
breach risk has
existed for as long
as companies
have but its
nature, impact and
a business’ ability
to control it has changed dramatically in
the digital data-driven age.
As a valuable commercial asset, data is a
target for theft by malicious actors within
and outside the business, while as a
regulated liability, it must also be protected
from accidental loss or exposure.
Data security is a board-level concern
and gaining a better understanding
of insider breach risk helps directors
ensure it is managed effectively.
The digital workplace puts data
on the front line
The first step in understanding the
evolution of insider breach risk
is to acknowledge the effect of
unprecedented transformation of the
workplace and employees’ relationship
with technology and data. Increased
mobility and the rise of remote, flexible
working mean human–digital interaction
is near constant. This blurs the lines
between work and homelife, creating
an ‘always-on’ culture where employees
juggle diverse priorities simultaneously.
At the same time, data volumes have
increased exponentially and businesses
have become hyperconnected, providing
workers with multiple channels for data
sharing. Yet, despite these immense
changes, employees remain the same;
as fallible and fundamentally human as
ever. So, we’re looking at a world where
a single mistake made by a pressured
employee – a mistyped email address
or response to a phishing email – can
cause an accidental breach of huge
scale and devastating impact, while
employees with malicious intent have
every tool they need at their disposal.
We ask our workforce to do more,
share more and make snap judgements
about data sensitivity, appropriate
protection and the authenticity of email
correspondents, all at the relentless
pace of competitive business. This
is set against a backdrop of punitive
data protection regulations. This is
www.intelligentciso.com | Issue 24
41