Question: How can I reduce the risk of internal threats to my organization?
Ash Devata, General Manager of Cisco Zero Trust and Duo Security: Having a framework that provides the lowest level of access (the core principle of the best zero-trust model) is a good start to reducing the risk of insider threats. Many organizations provide employees with excessive access rights because it is easier to do. For example, they can copy access control from employee to employee. Therefore, when Kelly was hired in Marketing, he gained a certain level of access control. Then Sam was hired in a similar role and the access control was replicated, but soon after, Sam moved to a new department and then assumed a higher position. Charlie was hired to fill Sam's role and received the same permissions as Sam, because copying access control is easier, but the risk will certainly not be reduced.
Active monitoring can also be helpful, but companies need to be cautious when considering how they manage false positives and what they actually monitor. If you are actively monitoring, you need to consider the privacy impact and the process that will be performed when a problem is discovered. More importantly, if you block something, will it inhibit the business process? For example, if you block SMS via email and don't realize that part of your sales team communicates directly with customers in this way, you may inadvertently hinder the business process.
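The Kelly, Sam and Charlie scenario from the answer above, as an added example that is not part of the interview: an access review that compares each account's grants with a baseline for its current role and traces excess access back to the account it was copied from. The role names, entitlement strings and the `finance-manager` role for Sam's new position are constructed assumptions.

```python
# Constructed sample data: role baselines (assumed, not from the interview).
ROLE_BASELINE = {
    "marketing": {"crm:read", "cms:edit", "mail:send"},
    "finance-manager": {"erp:read", "erp:approve", "mail:send"},
}

# user -> (current role, entitlements held today, account the grants were copied from)
USERS = {
    "kelly": ("marketing", {"crm:read", "cms:edit", "mail:send"}, None),
    # Sam was cloned from Kelly, then moved department and was promoted;
    # the old marketing access was never removed.
    "sam": ("finance-manager",
            {"crm:read", "cms:edit", "mail:send", "erp:read", "erp:approve"},
            "kelly"),
    # Charlie fills Sam's old marketing role but was cloned from Sam as Sam is now.
    "charlie": ("marketing",
                {"crm:read", "cms:edit", "mail:send", "erp:read", "erp:approve"},
                "sam"),
}


def excess_entitlements(users, baselines):
    """Return {user: sorted entitlements held beyond the baseline of the current role}."""
    report = {}
    for name, (role, grants, _source) in users.items():
        extra = grants - baselines[role]
        if extra:
            report[name] = sorted(extra)
    return report


def inherited_excess(users, baselines):
    """Return {user: (source, excess entitlements the source account also holds)}."""
    findings = {}
    for name, (role, grants, source) in users.items():
        if source is None:
            continue
        inherited = (grants - baselines[role]) & users[source][1]
        if inherited:
            findings[name] = (source, sorted(inherited))
    return findings


def provision(role, baselines):
    """Least-privilege alternative to cloning: grant only the role baseline."""
    return set(baselines[role])


if __name__ == "__main__":
    print(excess_entitlements(USERS, ROLE_BASELINE))
    print(inherited_excess(USERS, ROLE_BASELINE))
```
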