When it comes to threat detection, spotting malicious insiders is one thing. They often leave a trail. But how do you protect against the accidental insider threat? Mike Siegel, VP of Product at Forcepoint, shares strategy and solutions.
To start, it's important to know what malicious and accidental insiders have in common and where they differ, Siegel says.
"The accidental insider and malicious insider are both trusted users on the network," he says. "It's just that one doesn't intend to do you harm, and the other explicitly intends to do harm."
And while high-profile cases such as Edward Snowden and Private Manning have brought due attention to malicious insiders, accidental insiders are often overlooked in risk assessments. As Siegel points out: "The statistics actually show us that we have far more accidental insiders in our organizations than we do malicious insiders."
In fact, the accidental insiders often believe they are acting in the line of duty when they make their mistakes. Among the red-flag activities to look for: Employees who take home sensitive work to complete on unsecured personal networks, or workers who click on infected links in phishing emails. "[They're] people who don't intend to do the wrong thing, but they may be targeted, they may be preyed upon by people who could be looking for them to be susceptible."
Education is a partial solution - but not nearly enough, Siegel says. Organizations also need to deploy tools such as spam filters, secure gateways and sandboxing technologies to help mitigate the vulnerabilities introduced by human behavior.
In an interview about mitigating the accidental insider threat, Siegel discusses:
Common characteristics of the accidental insider;
How to avoid falling into the trap of "sawtooth compliance;"
His vision of "total protection" to ward off internal and external attacks.
Siegel is vice president of products for Forcepoint, LLC. He leads product management, technical marketing and analyst relations, and helps define the company's strategic direction. Siegel joined Websense in 2013 and helped sell the company to Raytheon Company in 2015.
Prior to Websense, Siegel worked three years with venture-funded Mocana Corporation as vice president of products. Before Mocana, Siegel spent nearly a decade at McAfee. Prior to McAfee, he was a financial analyst for Deutsche Bank's technology investment banking group.
Siegel received a bachelor's degree from the University of California at Berkeley, and an MBA from U.C. Berkeley's Haas School of Business.