Insider Threat: Organizations Must Focus on RiskSoftware Engineering Institute's Randy Trzeciak on Hybrid Workforce, Insider Risk
The definition of insider threat seems to have evolved since the hybrid workforce became the norm during the COVID-19 pandemic. More organizations are now talking about the "compromised insider." Randall Trzeciak, deputy director of cyber risk and resilience, Carnegie Mellon CERT Division, Software Engineering Institute, said that in the last three years, insider threats have changed to insider risks.
Organizations are now focusing on risk, incorporating what's currently being done from a physical security and cybersecurity standpoint, along with an ability to identify insider threats, Trzeciak said. Further, the evolution of the hybrid workforce has affected how insider risks are detected.
"We've seen a number of the non-malicious incidents increase over the past two to three years. With the pandemic, there was more remote workforce, so the ability to be distracted at home increased, where people are not necessarily paying full attention and they potentially could cause some harm through the non-malicious accident as well," he said. "That's something that security organizations consider normal in the hybrid environment versus when you have people physically in a brick-and-mortar facility.
In this video interview with Information Security Media Group at RSA Conference 2023, Trzeciak also discusses:
- Best practices to reduce the risk of insider threats to organizations;
- Key components of effective insider risk programs;
- Effectiveness of an insider risk program and how organizations can measure them.
Trzeciak has over 30 years of managerial and technical experience in the information technology domain, including information security risk management, insider threat mitigation, cybersecurity assessments, software engineering, project management, and database design, development and maintenance. He is the director of the MSISPM program and CERT professor at Carnegie Mellon University.