The SANS Institute recently published a study, Insider Threats and the Need for a Fast and Directed Response. The study shared the results of a survey with over 700 respondents from a wide range of organizations covering the private and public sectors.
Two thirds of the respondents had a formal incident response plan. That’s the good news. Still one third had no plan or were uncertain if there was plan. But, that means two thirds had no provisions for dealing with an insider incident; and nearly half of all organizations are likely to experience an insider incident in the next 12 months according to CERT/CC. Further, most organizations found insider incidents more damaging than incidents instigated by intruders.
To get help with your response plan visit Coordinated Response.
To learn more about insider threats, get a copy of The Common Sense Guide to Mitigating Insider Threat from The Software Engineering Institute at Carnegie Mellon University.
Let us help you with a response plan review that considers insider threats. Addressing insider threats in your incident response plan is an industry best practice.
For more information on Insider Threat consider the following articles: