Focus on the insider threat is fine, but maintaining balance is better

Focus on the insider threat is fine, but maintaining balance is better

Numerous security experts have urged an increased IT security focus on the insider threat. However, according to a CSO editorial from Andres Tabares, that only addresses half the picture at best.

"For example, a bank needs to share information with auditors, regulators, suppliers, vendors and partners. The data transfers associated with these external organizations are absolutely critical for continuing business. However, they also happen to be quite risky activities, with an elevated probability of data loss, and thus a huge negative impact to the bank's reputation, when not properly controlled," Tabares wrote.

This means that IT security at other companies must also be considered, he noted, because if a partner organization lacks, for example, SSL certificate protection, the risk of a breach can be greatly exacerbated. Non-technical matters like employee instruction in basic security protocol are also important.

Experts say that regular audits of partner organizations' security measures - along with, of course, a business' own - should be featured prominently in a responsible IT security policy.