Employee Threats to Critical Technologies Are Best Addressed Through a Formalized Insider Threat Risk Assessment Process and ProgramNYSBA Labor and Employment Law Journal Spring 2018
Brian G. Cesaratto, Member of the Firm in the Litigation and Employment, Labor & Workforce Management practices, in the firm’s New York office, and Robert J. Hudock, Member of the Firm in the Health Care & Life Sciences practice, in the firm’s Washington, DC, office, co-authored an article in the NYSBA Labor and Employment Law Journal, titled “Employee Threats to Critical Technologies Are Best Addressed Through a Formalized Insider Threat Risk Assessment Process and Program.”
Following is an excerpt (see below to download the full version in PDF format):
The pace of innovative technology in financial services and other industries is accelerating. Firms are investing heavily to develop the next-cutting edge applications that will drive future growth. Industry efforts have expanded the “attack surface” of these new technologies to dishonest employees and other malicious insiders. As the scope and criticality of these information systems increase in the number of employees and other insiders (e.g., a vendor or service provider’s workers) who have or may seek to gain access for a financial motive or other illegitimate purposes. To best protect against insider threats, firms should develop an insider threat protection program comprised of workforce management policies and procedures and technical controls that specifically consider insider risks from employees and trusted business partners’ workers. A formalized and targeted risk assessment process is the best way to ensure the most effective combination of personnel measures and technical controls to counter the insider risks faced by the firm and its industry.