The paper describes a practitioner’s view of the issue and the approaches used by BT to assess and address insider threats and risks. Proactive measures need to be taken to mitigate against insider attacks rather than reactive measures after the event. A key priority is to include a focus on insiders within security risk assessments and compliance regimes. The application of technology alone will not provide solutions. Security controls need to be workable in a variety of environments and designed, implemented and maintained with people’s behaviour in mind. Solutions need to be agile and build and maintain trust and secure relationships over time. This requires a focus on human factors, education and awareness and greater attention on the security ‘aftercare’ of employees and third parties
Critical success factors for security education, training and awareness (SETA) programme effectiveness: an empirical comparison of practitioner perspectives
Cyber security has never been more important than it is today in an ever more connected and pervasive digital world....