The Insider Threat: Majority of Canadian Organizations Still Unclear on What it Means
OTTAWA, Oct. 29, 2018 /CNW/ - A member of senior management is overheard discussing a contract bid in a crowded restaurant. An employee leaves a binder with confidential notes in a taxi. These are two examples of how unintentional actions can have serious consequences for firms. New research from The Conference Board of Canada shows that most Canadian organizations lack understanding around what constitutes an insider threat leaving them vulnerable to harm.
The report, Updating Our Knowledge of the Insider Threat, provides an update to a previous Conference Board survey conducted in 2012. At that time, only 13.9 per cent of survey respondents said their organization had an internal working definition of insider threat. While results from the most recent survey show that some progress has been made, less than a quarter (18 per cent) have a definition in place today.
"In an increasingly digital workplace, concerns around insider threats — particularly non-malicious and accidental breaches — are mounting. In this context, it is critical for organizations to have a clear definition alongside a plan of action to respond," said Rachael Bryson, Senior Research Associate, National Security and Public Safety, The Conference Board of Canada.
Highlights
- The term 'insider threat' refers to any employee who might deliberately or inadvertently cause harm to the whole organization.
- Organizational confidence in the ability to respond to insider threat incidents has decreased in the past five years.
- A comprehensive insider threat program will increase awareness, provide focused training and leverage multiple departments to combat a threat.
The increase in size and complexity of information technology, the integration of personal electronic devices in the workplace, complex supply chains, and a lack of training and awareness are just a few of the issues contributing to the challenge of identifying and addressing insider threats
While this increase represents progress, there are also some areas of concern. When asked if roles and responsibilities for managing insider threats are defined in their organization, 73.5 per cent responded "yes" in 2012. This year, just 46.4 per cent indicated the same, representing a 27.1 percent decrease. At the same time, over 40 per cent of respondents said they have received no insider threat training.
The report provides the following recommendations to help organizations in their efforts:
- Establish a clear and comprehensive internal definition of an insider threat.
- Build a comprehensive training program around insider threats for all employees.
- Raise awareness around what constitutes an insider threat to your organization.
- Implement clear, robust policies and processes to prevent and/or manage incidents.
- Leverage multi-functional teams to detect, deter, and respond to insider threats.
- Develop mechanisms for reporting possible insider threats.
The recommendations in this briefing follow an October 2017 survey of 267 respondents from Canadian organizations.
Follow The Conference Board of Canada on Twitter.
A copy of the report is provided for reporting purposes only. Please do not redistribute it or post it online in any form.
For those interested in broadcast-quality interviews for your station, network, or online site, The Conference Board of Canada has a studio capable of double-ender interviews (line fees apply), or we can send you pre-taped clips upon request.
If you would like to be removed from our distribution list, please e-mail [email protected].
SOURCE Conference Board of Canada
Yvonne Squires, Media Relations, The Conference Board of Canada, Tel.: 613- 526-3090 ext. 221, E-mail: [email protected]
Share this article