In the wake of massive data breaches such as those at the U.S. government’s Office of Personnel Management, health insurer Anthem and retailer Target, an enterprise’s initial reaction might be to tighten the security around networks and data. However, you may be forgetting one critical component: the insider threat.
Nearly 72 percent of U.S. federal actions involving employee theft in 2014 involved small businesses – organizations with fewer than 500 employees, according to the 2015 Hiscox Embezzlement Watchlist. Within that group, four of every five victim organizations had fewer than 100 employees, and more than half had fewer than 25 employees.
Before November 2009 little attention was paid to the silent threat cultivating inside of the U.S. Army. That all changed when a common U.S. Army officer, Major Nidal Hasan, killed 13 soldiers and injured 30 others during a shooting spree in the morning hours of November 5, 2009, at Fort Hood, Texas. The significance of insider threats has been reiterated with the shooting at the Washington, D.C., Navy Yard, and the intentional crashing of a Germanwings jet into the French Alps.
"2013 was a gangbuster year for embezzlement in the United States, exceeding even 2012’s previous record pace,” says Christopher T. Marquet, author of The 2013 Marquet Report on Embezzlement, released in December 2014. “What is remarkable is depth, magnitude and frequency of employee theft in the U.S. economy. Vermont topped the list of highest embezzlement risk states in the nation for the third time in six years.”
For the next generation of enterprise security leaders, is there a clear path forward to success? Enterprise security leaders discuss mentorships, education, certifications and the skills new CSOs and CISOs will need to succeed in their evolving roles and bring value to the business. But the problem is: with existing security leadership roles varying so widely, is the development of a uniform skill set even possible?