Dr. Cunningham joins Alona in the studio to talk non-malicious insider threats and how understanding human behavior is critical in successful cybersecurity strategies. She discusses different types of insider threats and what some of the common causes are. Margaret shares with us her personal journey as a woman in cybersecurity, the hurdles she's faced and overcome, and offers insights for women looking to forge a path of their own in tech. Buckle up because we're about to take you on a cross-country cyber road trip!
September is National Insider Threat Awareness Month.
There are insider threats that are not malicious.
Non-malicious insider threats fall into two categories: accidental and non-accidental.
Companies are always thinking about the malicious insiders but are not strategizing enough relative to non-malicious insiders.
Organizations need to understand where their sensitive data lives, but they also need to pay attention to how people in the company are working; otherwise they are missing half of the picture.
Working from home can change security habits into less secure actions than an employee would take at work in the office.
Internal employee security training and awareness isn’t good enough to protect your company.
Focus should be on designing a system that can handle the common mistakes or the outcomes from those mistakes.
Understanding is everything and controlling is nothing.
Some non-malicious insiders exist simply because they want to get work done and the current policy or system is slowing them down.
A survey of 3000 people resulted in 47% saying that they use unapproved IT to get their job done.
Oftentimes your best employees are putting you at the most risk.
In some instances we are using technology to do things that it is bad at.
Organizations really need experts on human behavior.
Zero Trust can be effective, but an “and then what” needs to be added to encompass the human part.