Positive Incentives for Reducing Insider Threat
In the 2016 Cyber Security Intelligence Index, IBM found that 60 percent of all cyber attacks were carried out by insiders. One reason that insider threat remains so problematic is that organizations typically respond to these threats with negative technical incentives, such as practices that monitor and constrain employee behavior, detect and punish misbehavior, and otherwise try to force employees to act in the best interest of the organization. In this podcast, Andrew Moore and Dan Bauer highlight results from our recent research that suggests organizations need to take a more holistic approach to mitigating insider threat: one that considers the impact of organizational behavior on insider motivations. In particular, positive incentives can complement traditional practices for insider threat defense in a way that can improve employee worklife as well as more effectively reduce insider risk.
About the Speaker
Andrew Moore is a senior member of the technical staff and lead insider threat researcher at the SEI, working in the CERT Division.
Moore works with teams across the SEI applying modeling and simulation techniques to cybersecurity and to system and software engineering problems. He has over 30 years of …Read more
Dan Bauer is an SEI alumni employee.
Dan Bauer joined the SEI in 2015 and has more than 20 years of human resource experience with a variety of organizations, most recently at CMU’s School of Computer Science and RAND Corporation. He has held a number of human resource leadership positions …Read more