An insider threat detection program must combine virtual and non-virtual measures to enable better monitoring of anomalous behavior across an enterprise, two Deloitte directors write in a Federal Times article.
“Organizations should develop an ongoing evaluation model to verify that their insider threat programs are effective and are cultivating a security-minded environment,” they stated.
They cited the Department of Homeland Security as an example of an organization that takes a proactive approach to addressing insider cyber risks.
DHS has developed protocols to analyze internal systems and track potential breaches by employees through the agency’s Information Sharing and Safeguarding program, according to Hale and Gelles.
Hales and Gelles noted the department also provides training to promote security awareness and suspicious behavior reporting across its workforce.
They explained that communication is a critical part of an insider threat program and organizations must update staff on evolving threats and security policies.