“In an era of sprawling cloud and consumerized IT, the challenge of security is not just to figure out who and what needs to be protected, but how to do so in the simplest way possible. This book drives this point home, and shows how to take friction out of security for users without putting data in jeopardy.” —DUG SONG, cybersecurity expert, cofounder and CEO of Duo Security, and cofounder of Arbor Networks
“This book addresses a problem that needs focus—insider threat is a very real issue that organizations need to grapple with and understand. It’s one of the greatest underserved risks in cybersecurity today.” —AMIT YORAN, CEO of Tenable, former president of RSA, former national cybersecurity director at DHS, and former director of US-CERT
“I never thought I’d read a book about cybersecurity insider threats that is actually—dare I say it—engaging. By illustrating technical points with compelling stories and examples, this book becomes a productive read not only for the CISO, but also for the CIO, the CHRO and the CEO.” —CHIP HEATH, author of best-sellers Switch, Made to Stick, Decisive, and The Power of Moments
“Today, some of the most pressing problems in security revolve around insider threats and data security. Code42’s book provides new perspective on these problems and how much more important they have become in the increasingly remote and distributed workplace, suggesting major changes in how we approach data security.” —MARTIN ROESCH, cybersecurity expert, creator of Snort, and founder of Sourcefire
“I’ve seen too many organizations feel they have a cybersecurity program because they have a few cybersecurity products. This book really shows how the care of your data is fundamental to protecting it.” —RON GULA, cyber industry pioneer; developer of Dragon, one of the first commercial network intrusion detection systems; cofounder of Tenable Network Security
“While many executives understand security threats from outside their company, most don’t protect their business from insiders. Employees lose, steal, or misplace data more often than businesses realize, costing billions. Inside Jobs is packed with powerful examples and actionable advice every senior executive needs to know in a fast-paced book that can be finished in one plane ride.” —DAVID MEERMAN SCOTT, marketing strategist, entrepreneur, and best-selling author of eleven books, including Fanocracy and The New Rules of Marketing & PR
“Data leaks are going to happen. Code42’s approach to insider threat detection shows you exactly what you need to know when your confidential data is walking out the door and what to do about it.” —MIKE WASSERMAN, security orchestration engineer at The Pokémon Company International
“Minneapolis-based Code42 (data security software) explores the challenges of the digital revolution in Inside Jobs: Why Insider Risk is the Biggest Threat You Can’t Ignore and makes the case that threats from insiders introduce significant risk to the enterprise.
The modern enterprise seeks competitive advantage through digital transformation initiatives that require a highly collaborative culture. In the rush to deliver tools to enhance innovation, provide better access to information, and improved employee collaboration, many enterprises unintentionally introduce intellectual property, privacy, and security risks that may have serious consequences.
Inside Jobs recommends embracing enterprise collaboration, but suggests addressing unhealthy, pervasive attitudes that introduce ‘data security dilemmas.’ These dilemmas force security teams to introduce a patchwork of policies, processes, and technologies that often don’t protect enterprises, customers, or shareholders. The book focuses on three themes: introducing a new data security mindset, recruiting change agents to support today’s modern collaboration culture, and recommending new processes and technology to facilitate collaboration while protecting data.
Addressing insider threats starts by acknowledging and addressing core reality: many employees feel entitled to share, copy, and store company files and data anywhere it helps them be more productive. If there is a will to bypass today’s processes and data security controls, there is likely a method for employees to do it. Rather than fight the uphill battle of data exfiltration with more controls, more policies, more people, Inside Jobs suggests enlisting a team of cross-functional change agents focused on addressing insider risk who are tasked with promoting a progressive, safe, and responsible data security culture.
Building a culture of data security that adequately addresses insider threats takes enterprise wide training, innovation, and collaboration friendly data security policies, and the executive support. Enterprises must also have a focused, cross-functional team regularly evaluating enterprise readiness, awareness, and response to evolving insider threats.
Inside Jobs is a timely reminder how insider risks are often introduced as enterprises digitize and modernize. The book uses real word examples and presents dire consequences from mistakes made in the effort to gain competitive advantage. The book doesn’t seek to shame us, but remind us that enterprise risk is often introduced by initiatives with the best of intentions.” —PETE CHRONIC, cybersecurity thought leader, former SVP and CISO of Warner Media and CSO of Earthlink, and author of The Cyber Conundrum