While organizations have long prioritized external cybersecurity risks, many have not paid enough attention to the risks posed by trusted insiders in their organization. This is a mistake. Insiders often already have access to sensitive data, and the risks, whether malicious or inadvertent, can potentially cause greater damage than external cybersecurity risks.
Two years ago, after a conversation with our Chief Information Security Officer (CISO), Bret Arsenault, we embarked upon an incredible journey developing Insider Risk Management in Microsoft 365, which organizations could use to identify and manage insider risks.
Throughout our journey we had the opportunity to speak to individuals in different disciplines within organizations across a variety of industries. These conversations helped shape our solution to address the needs of an organization to collaboratively identify and manage insider risks, while maintaining employee privacy and supporting a positive company culture.
Today, we invite you to come along on our journey by listening to Uncovering Hidden Risks, a series of podcasts with top notch insider risk experts!
These experts have a unique and deep understanding of insider risks, the challenges organizations face, and the people, processes and technology being used to address them. We are excited to have you listen in to our conversations as we discuss a range of interesting topics, ranging from hunting for risks using artificial intelligence to collaborating with HR and legal to build an effective insider risk management program.
Get ready to hear some great stories, gain a better understanding of insider risks and in the process learn something new. Listen to our show on the following platforms:
VP of Global Security and CISO at Rockwell Automation
Founder of CERT
Dawn is recognized as one of the world's leaders in insider threat mitigation. She has been working on the insider threat problem for three decades in various roles partnering closely with the Department of Defense, the Department of Homeland Security, the U.S. Secret Service, other federal agencies, the intelligence community, private industry, academia, and the vendor community.
CERT National Insider Threat Center, Carnegie Mellon University’s Software Engineering Institute
Dan leads the research and engineering efforts of the CERT National Insider Threat Center, where he and his team conduct empirical research and develop solutions that enable organizations to effectively manage insider risks.
Rob has over 14 years' experience professional experience in cybersecurity and software engineering and we talk about how new advances in artificial intelligence and machine learning take on the challenge of hunting for insider risks.
Episode 1, “Artificial intelligence hunts for insider risks”
In this podcast we have a wide-ranging discussion with Rob McCann, Principal Applied Researcher at Microsoft. Specifically, about how the power of machine learning and artificial intelligence can uncover hidden risks that would otherwise be impossible to find.
Episode 2, “Predicting your next insider risks”
In this podcast speak with Dan Costa, Technical Manager of the CERT National Insider Threat Center at Carnegie Mellon University’s Software Engineering Institute. We discuss the challenges of addressing insider threats and how organizations can improve their security posture by understanding the conditions and triggers that precede a potentially harmful act. We also explore, how technological advances in prevention and detection can help organizations stay safe and steps ahead of threats from trusted insiders.
Episode 3, “Insider risks aren’t just a security problem”
We are back with Dan Costa to explore how partnering with Human Resources can create a strong insider risk management program, a better workplace and more secure organization.
Episode 4, “Insider risk programs have come a long way”
In this podcast speak with Dawn Cappelli, VP of Global Security and CISO at Rockwell Automation and founder of CERT. We discuss the role of technology, psychology, people, and cross-organizational collaboration to drive an effective insider risk program today and things to consider as we look ahead and across an ever-changing risk landscape.
Episode 5, “Practitioners guide to effectively managing insider risks”
We are back with Dawn Cappelli to discuss about the steps to take to set up and run an insider risk management program. We talk about specific organizations to collaborate with, and top risks to address first.