Why Insider Risk Is the Biggest Cyber Threat You Can't Ignore
Joe Payne, Jadee Hanson, Mark Wojtasiak, George Kurtz
- 192 Pages
- October 20, 2020
- ISBN: 9781510764484
- Trim Size: 6in x 9in x 0in
From data security company Code42, Inside Jobs offers companies of all sizes a new way to secure today’s collaborative cultures—one that works without compromising sensitive company data or slowing business down. Authors Joe Payne, Jadee Hanson, and Mark Wojtasiak, seasoned veterans in the cybersecurity space, provide a top-down and bottom-up picture of the rewards and perils involved in running and securing organizations focused on rapid, iterative, and collaborative innovation.
Modern day data security can no longer be accomplished by “Big Brother” forms of monitoring or traditional prevention solutions that rely solely on classification and blocking systems. These technologies frustrate employees, impede collaboration, and force productivity work-arounds that risk the very data you need to secure. They provide the illusion that your trade secrets, customer lists, patents, and other intellectual property are protected. That couldn’t be farther from the truth, as insider threats continue to grow. These include:
- Well-intentioned employees inadvertently sharing proprietary data
- Departing employees taking your trade secrets with them to the competition
- A high-risk employee moving source code to an unsanctioned cloud service
What’s the solution? It’s not the hunt for hooded, malicious wrongdoers that you might expect. The new world of data security is built on security acting as an ally versus an adversary. It assumes positive intent, creates organizational transparency, establishes acceptable data use policies, increases security awareness, and provides ongoing training. Whether you are a CEO, CIO, CISO, CHRO, general counsel, or business leader, this book will help you understand the important role you have to play in securing the collaborative cultures of the future.
Jadee Hanson is the chief information security officer and chief information officer at Code42. She has more than sixteen years of information security experience and a proven track record of building IT and security programs. Prior to Code42, she held a number of senior leadership roles in security at Target Corporation and Deloitte. Jadee is also the founder of the non-profit organization Building Without Borders.
Mark Wojtasiak is the vice president of portfolio strategy and product marketing at Code42, bringing with him more than twenty years of B2B data storage, cloud, and security experience. He previously worked at Seagate for ten years, where he held a number of senior strategy roles in global marketing and product management, as well as served in marketing leadership at Now Micro.
Code42 is the leader in insider risk detection and response. Native to the cloud, Code42 rapidly detects data loss, leak, theft and sabotage as well as speeds incident response—all without lengthy deployments, complex policy management or blocking employee productivity. With Code42, security professionals can protect corporate data and reduce insider risk while fostering an open and collaborative culture for employees. www.code42.com
“This book addresses a problem that needs focus—insider threat is a very real issue that organizations need to grapple with and understand. It’s one of the greatest underserved risks in cybersecurity today.” —AMIT YORAN, CEO of Tenable, former president of RSA, former national cybersecurity director at DHS, and former director of US-CERT
“I never thought I’d read a book about cybersecurity insider threats that is actually—dare I say it—engaging. By illustrating technical points with compelling stories and examples, this book becomes a productive read not only for the CISO, but also for the CIO, the CHRO and the CEO.” —CHIP HEATH, author of best-sellers Switch, Made to Stick, Decisive, and The Power of Moments
“Today, some of the most pressing problems in security revolve around insider threats and data security. Code42’s book provides new perspective on these problems and how much more important they have become in the increasingly remote and distributed workplace, suggesting major changes in how we approach data security.” —MARTIN ROESCH, cybersecurity expert, creator of Snort, and founder of Sourcefire
“I’ve seen too many organizations feel they have a cybersecurity program because they have a few cybersecurity products. This book really shows how the care of your data is fundamental to protecting it.” —RON GULA, cyber industry pioneer; developer of Dragon, one of the first commercial network intrusion detection systems; cofounder of Tenable Network Security
“While many executives understand security threats from outside their company, most don’t protect their business from insiders. Employees lose, steal, or misplace data more often than businesses realize, costing billions. Inside Jobs is packed with powerful examples and actionable advice every senior executive needs to know in a fast-paced book that can be finished in one plane ride.” —DAVID MEERMAN SCOTT, marketing strategist, entrepreneur, and best-selling author of eleven books, including Fanocracy and The New Rules of Marketing & PR
“Data leaks are going to happen. Code42’s approach to insider threat detection shows you exactly what you need to know when your confidential data is walking out the door and what to do about it.” —MIKE WASSERMAN, security orchestration engineer at The Pokémon Company International
“Minneapolis-based Code42 (data security software) explores the challenges of the digital revolution in Inside Jobs: Why Insider Risk is the Biggest Threat You Can’t Ignore and makes the case that threats from insiders introduce significant risk to the enterprise.
The modern enterprise seeks competitive advantage through digital transformation initiatives that require a highly collaborative culture. In the rush to deliver tools to enhance innovation, provide better access to information, and improved employee collaboration, many enterprises unintentionally introduce intellectual property, privacy, and security risks that may have serious consequences.
Inside Jobs recommends embracing enterprise collaboration, but suggests addressing unhealthy, pervasive attitudes that introduce ‘data security dilemmas.’ These dilemmas force security teams to introduce a patchwork of policies, processes, and technologies that often don’t protect enterprises, customers, or shareholders. The book focuses on three themes: introducing a new data security mindset, recruiting change agents to support today’s modern collaboration culture, and recommending new processes and technology to facilitate collaboration while protecting data.
Addressing insider threats starts by acknowledging and addressing core reality: many employees feel entitled to share, copy, and store company files and data anywhere it helps them be more productive. If there is a will to bypass today’s processes and data security controls, there is likely a method for employees to do it. Rather than fight the uphill battle of data exfiltration with more controls, more policies, more people, Inside Jobs suggests enlisting a team of cross-functional change agents focused on addressing insider risk who are tasked with promoting a progressive, safe, and responsible data security culture.
Building a culture of data security that adequately addresses insider threats takes enterprise wide training, innovation, and collaboration friendly data security policies, and the executive support. Enterprises must also have a focused, cross-functional team regularly evaluating enterprise readiness, awareness, and response to evolving insider threats.Inside Jobs is a timely reminder how insider risks are often introduced as enterprises digitize and modernize. The book uses real word examples and presents dire consequences from mistakes made in the effort to gain competitive advantage. The book doesn’t seek to shame us, but remind us that enterprise risk is often introduced by initiatives with the best of intentions.” —PETE CHRONIC, cybersecurity thought leader, former SVP and CISO of Warner Media and CSO of Earthlink, and author of The Cyber Conundrum