Increased C-Suite Recognition of Insider Threats Through Modern Technological and Strategic Mechanisms.

A C-Suite is responsible for the actions of its organization, and this responsibility indicates that the C-Level executives may be expected to know the "in's-and-out's" of the organization to a remarkable degree of specificity. But the days when an organization's chief executive would walk the plant and point out safety or manufacturing concerns to the floor supervisor are long gone, despite the popularity of "undercover boss" type programming. It is much more likely that C-Suite executives have very little visibility into the day-to-day processes and tools their employees utilize, as the knowledge economy has increased worker specialization and employee tasks are much closer to bespoke processes. In response to this new type of working environment, employees are choosing their own tools, preferences, and applications, and integrating those into their organization's day-to-day activities. This in turn, may cause difficulties associated with top-down management of information, security governance and strategic planning. Traditional office paraphernalia--like photo frames and potted plants--are now internet of things (IOT)-enabled bring-your-own-devices (BYOD) which, quite unlike the plants pose significant challenges and risks to the organization's information technology infrastructure and create further challenges associated with insider threats, whether intentional or not. This technological revolution, its impact on worker activity and an increased possibility of intentional and unintentional insider threats is not without a silver lining. The underpinnings of the technologies that allow workers to better do their day-to-day work can also enable executives to focus on the important data points of an employee's behaviors and activities, one can then summarize and present those data points in an intelligible way to support and provide a defensible platform for corporate decision making. In this paper, we highlight some of these modern tools and explain how they may be used within the organization to look at a number of insider threats, including ongoing fraud and corporate malfeasance. We also looked at unintentional "bad practices" that, while not directed towards corporate harm may expose the organization to data breach or other leakage issues and some of the newest trends that incorporate behavioral analytics to identify those employees most likely to engage in harmful activities, before the employees have taken the first "wrong" step down that path. This paper will also examine the care with which these tools should be deployed and suggest some constraints for their operation and use. Finally, we will review how the data from these tools can best be distilled into reports appropriate for C-Suite review and utilization in support of executive decision making while still considering privacy and other employee and legal issues. [ABSTRACT FROM AUTHOR]