Sunette Runhaar (Uber): Why managing Insider Threat is so challenging, and how to start

Summary

• Understanding Insider Threats
  Insider threats encompass both malicious and negligent behaviors by individuals with legitimate access to organizational assets. Sunette explains that negligent insiders, acting unintentionally, are just as dangerous as those with malicious intent.

• Insider threat roots in human psychology
  The origins of insider threat programs stem from Cold War intelligence practices. These threats exploit human emotions—greed, ego, and relationships—making people unpredictable and difficult to monitor through purely technical means.

• Two-fold challenge: detection and prevention
  Detection is hindered by privacy regulations and cultural differences, especially in Europe. Prevention alone is insufficient because behavior is context-driven and unpredictable. A blend of technical controls and cultural awareness is necessary.

• Cultural and regional differences
  The U.S. has a higher proliferation of insider threat programs due to cultural norms like job mobility and reduced employer-employee loyalty. In contrast, Europe’s stronger labor protections and trust-based workplaces present different risks and sensitivities.

• Start with the basics, not tools
  Organizations often mistakenly prioritize expensive monitoring tools over foundational elements. Building security awareness, blocking data exfiltration paths, and aligning with business operations are the real starting points for insider threat programs.

• AI as a double-edged sword
  AI presents both threats (deepfakes, sophisticated phishing) and opportunities (predictive analytics, behavioral modeling). Mature programs can use AI to detect early indicators of risk and monitor organizational health and culture shifts.

• Empathy is crucial
  Empathy is highlighted as a core skill for insider threat professionals. Understanding human motivation helps predict behaviors and maintain trust with employees, particularly during stressful events like layoffs or organizational changes.

• Holistic and collaborative approach
  Successful insider threat programs must integrate efforts across legal, HR, IT, cybersecurity, and physical security. Collaboration prevents redundancy and ensures a seamless, company-wide response to potential threats.

• Stakeholder engagement drives success
  Insider threat programs must avoid isolation. Transparency, collaboration, and shared responsibility among departments are critical to build effective and accepted programs.

• Future-ready programs embrace organizational health modeling
  Predictive capabilities enabled by AI allow companies to anticipate risk areas based on team dynamics, workplace culture, and macroeconomic factors.