Course info
Oct 13, 2017
2h 2m

Insider threats are growing, and the impact of these often overlooked threats can be serious for organizations. You need to be on the lookout for an increasing number of accidental breaches by employees storing confidential data on unsecured cloud storage. In this course, Cybersecurity Threats: Insider Threats, you'll learn how serious the risk is from insiders, how insiders can threaten an organization, and how to protect against them. First, you'll explore how to detect both a malicious and an accidental insider threat. Next, you'll discover how to respond to and contain an insider incident. Finally, you'll learn the best practices and countermeasures you can deploy to help protect your organization from insider threats. By the end of this course, you'll have learned how to approach the insider threat, and be able to prepare your insider threat plan, including detection, containment, and prevention measures to protect your organization.

About the author

Richard has worked for over 20 years in various technology management roles working in card payments and regulated financial sectors. He spent several years deploying niche payment card solutions in Europe and more recently as CIO, serving the US mortgage sector. Richard specializes in IT Risk and Information Security management.

Section Introduction Transcripts

Course Overview
Do you have an insider threat program in your organization? Both the Verizon Data Breach Investigation Report and the ENISA annual Threat report have insider threats as a top 10 threat facing organizations today. Hi, my name is Richard Harpur, and welcome to my course, Cybersecurity Threats: Insider Threats. Accidental insiders are frequently forgotten when assessing risks within organizations. Malicious insiders are intent on personally gaining at the expense of the organization. Every organization has risks from both of these types of insiders, and I will teach you how to address that risk. I'm going to start by showing you why the insider threat is so important and the damage that can be caused by an insider threat. As we progress through this course, you will learn how to recognize and detect insider threats, what motivates a malicious insider to attack your organization, how best to detect insider threats and suspicious behavior, and what approaches you should take when you need to respond to an insider incident. Finally, what countermeasures can you put in place to defend your network from insider attacks? By the end of this course, you will be fully informed and know what to do to defend your systems from insider incidents. I hope you join me on this course to learn all about Cybersecurity Threats: Insider Threats at Pluralsight.

Who Are the Insiders and What Are Their Motives?
In the earlier module, we addressed the myth that insider threats are only about disgruntled employees. We now know there are many other types of insiders. The problem is that insiders are not very well recognized until an incident occurs. In this module, I'm going to explain in more depth who the insiders are and what their motives are. By the end of this module, you will be well prepared to recognize insiders in your organization. Let's have a look at what's coming up in this module. We're going to look at recognizing insiders. This will broaden out what is the classic definition of an insider and help to set your radar antenna to look at different types of scenarios for your own organization. We're also going to look at the external insider. Hmm, I know that sounds like an oxymoron, but we'll look at the clear definition of insider threats again and look at how external parties may fall into the insider threat definition. Finally, we're going to look at the motives. What drives insiders to carry out attacks? Why would they even think about it? In order to identify insider threats in your organization, you need to start understanding the motives for attack. Finally, we're going to apply some hands-on experience to what we've learned. We're going to take the Globomantics organization and look at how that's structured so that we can identify insider threats for Globomantics. Let's get started.

Incident Response: Containment and Recovery
In this module, we're going to move on and discuss what you need to do once you've detected an insider incident. Here's our context map. We've already defined what an insider threat is. Also, we have identified the insiders and their motives. Finally, we covered detecting insider threats. So now that we've detected an insider threat, what is the best way to respond to this type of incident? So let's have a look at what's coming up in this module. Firstly, we're going to discuss incident assessment. This is a key part of responding to any type of security incident. Then we're going to discuss what steps you can take in the remediation process, undoing what damage has been done by the insider incident. Next we will discuss how to eradicate the insider threat. It may not be as simple as just removing the malicious insider from your organization. We're going to discuss the role of forensics and evidence gathering as part of the response. And finally, we'll discuss crisis management, how best to manage the communication flow and what might be a crisis for your organization. So let's get started with incident assessment.

Countermeasures and Best Practices
In this module, we're going to be looking at countermeasures and best practice that you can apply in your organization to defend against insider threats. Throughout this course, you've learned a lot about the concepts of insider threats, how different types of insiders can be threats to your organization, such as malicious and accidental insiders. We've also looked at how to detect insider threats using tools and technology. Now, this module is the call to action. What steps can you put in place to protect your organization? Let's have a look at what's coming up in this module. Firstly, we're going to look at the context for insider threats, a reminder as to why insider threats are such an important risk to protect against. We're going to take a brief look at the ENISA cyber threat report and show you where the insider threat risk fits in with other types of information security risks. From there, I'm going to present a whole list of best practice that you can implement in your organization. Think of this as your project plan or your to-do list once you complete this course. Following that, we're going to look at the tools and some technology that you should consider deploying within your organization. I'm not going to be comparing the different types of tools from various vendors. Instead, I will discuss the categories of tools that might be used for different types of protection against insider threats. And finally, we're going to wrap up this module and the course with providing you with some pointers on where you should go next to get more information on cybersecurity threats. So let's get started with reminding us of the context for insider threats.