May 8, 2023

Revisiting Insider Risk Programs in 2023

Mike Crouse

As the impact and cost of insider incidents continue to rise, organizations are reshaping how they manage insider risk programs.

Evaluating the effectiveness of an Insider Risk Program 

The Intelligence and National Security Alliance (INSA) states that “Establishing appropriate objectives and performance metrics supports business justifications for resources and ensures sustained buy-in and support from senior leadership and other key internal stakeholders.”

When implementing a new insider risk program or looking at existing programs in place, Program Managers and organizations are asking themselves some tough evaluative questions such as:

  • Does our existing program identify and score the riskiest users, their behaviors, and actions?
  • Can our existing program determine if user credentials have been compromised or stolen?
  • Do we know if workers are taking proprietary data with them when they leave the organization?
  • Does the current program provide indicators for behaviors of workplace violence, self-harm, or sabotage before they occur?
  • Are we collecting data on physical methods of data exfiltration, such as printing physical copies, copying content to removable media, taking screenshots, or using the clipboard to copy and paste proprietary information?

Answering these questions involves knowing what types of risky activities are of most concern to your organization. Some examples of insider activities that can pose great risk to your organization’s mission, reputation, and bottom line might include:

  • Extremism, workplace violence, self-harm, and sabotage
  • Media leaks and misinformation that can harm reputation and public perception
  • Corporate espionage, customer data and PII spillage, and theft of trade secrets
  • Stolen credentials
  • Employees leaving and taking proprietary data with them
  • Accidental or intentional systems disruption
  • Supply chain disruption
  • Fraud


Navigating and Managing Insider Risk

I recently did an educational webinar called Navigating and Managing Insider Risk. It contains useful guidance and information for how organizations can answer the questions above and manage insider risk. Learn how to structure an effective program and where to begin when implementing a new program or improving an existing program.

I also explain why point products that claim to be one-size-fits-all are not effective: organizations should instead adopt a phased crawl, walk, run approach that focuses on their specific organizational needs, one that leverages the best practices, proven methodologies, and educational resources from the experts, including thought leaders like the Intelligence and National Security Alliance (INSA), Carnegie Mellon, MITRE Labs, Applied Research for Intelligence and Security (ARLIS) and more.

Learn effective ways to manage, navigate and solve Insider Risk. Check out my recent webinar or review the Insider Risk Infographic for more. 

Forcepoint - Navigating and Managing Insider Risk in 2023

Mike Crouse

Mike Crouse is the Director for Enterprise User and Data Protection at Forcepoint Global Governments and Critical Infrastructure. He works closely with industry thought leaders, executives, and the Forcepoint management team to help guide long-term programmatic and technology...


About Forcepoint

Forcepoint is a leading cybersecurity company for user and data protection. Its goal is to protect organizations while driving digital transformation and growth. Our solutions adapt in real time to how people interact with data, and provide secure access while enabling employees to create value.