What are the biggest takeaways you hope attendees walk away following your session?
Mark: Cybercrime and Insider Risk are not just technical problems but also psychological problems - a human problem and definitely a management responsibility. Sixty to 90% of cybersecurity breaches involve “human error”. Many companies believe they have no problem with Insider Risk. But, they underestimate that Insider Risk is often invisible and remains so.
After successful espionage, no one will call up the organization and inform them about it. Perhaps they wonder how their competition was able to catch up with them so quickly. Data leaks are often invisible and underestimated. In my session, I will talk about the Psychology of Cybercrime & Insider Threats, how and why it happens and what we can do to secure our companies and raise the awareness level.
What do you think is the biggest misconception about Insider Risk?
Mark: I think the number one misconception that I keep running into is that all insider threats are malicious and have a clear destructive intent. That's wrong. It's not even the majority. Laziness, carelessness and negligence are bigger enemies. Go to the business lounge at Brussels airport and listen to the phone calls and see how many laptops are left unlocked and unattended. Unbelievable - and these people should know better.
What do you think is most exciting about the security industry today?
Mark: As a Crime Analyst and Profiling Expert, I compare the profiles of different groups of offenders. People believe that serial killers or violent offenders are certainly the most interesting. Absolutely not. I've had the most interesting interviews with hackers and white-collar criminals. When people commit crimes (for money) even though they have enough money, it always becomes psychologically interesting. I will show in my Keynote that there is often a motive behind the motive.
What area in security or business gets a lot of attention but doesn't really have as much meaningful impact on security posture or business outcomes?
Mark: I am not saying that too much is invested in purely technical security (such as firewalls), but I am saying that the human factor is underestimated. Never forget: every door is only as strong as the person who has the key. You can have the best firewall in the world. But if I call you and manipulate you to give me access, it’s useless. Of course, it is good to ban or forbid external USB sticks (technical security). But what if someone takes a picture of the screen with their own iPhone? It is always a combination of technical security and psychology.
What was your proudest moment as a security professional? Or, what was your most challenging moment?
Mark: It is a privilege to help people become a "human firewall", but prevention is not always the easiest business. The budget for cybersecurity is often only available after an attack has already happened. I like the famous JFK quote:
“There is only one thing more expensive than education in the long run: no education.” - John F. Kennedy
The same applies to cybersecurity.
What is always on your desk when you work from home?
Mark: My list with all passwords (just kidding)... coffee definitely.
Join us at the Insider Risk Summit
The Insider Risk Summit, the industry’s leading conference on Insider Risk Management (IRM), brings together security leaders, practitioners and industry experts to learn, interact and share best practices in the IRM space. More than just one moment in time, the Insider Risk Summit is a community of organizations and security professionals that understand collaboration, productivity and enablement of users while meeting data security challenges. In its inaugural year in 2020, more than 2,000 security professionals registered for the event, which is held annually in September during Insider Threat Awareness Month. For the most up-to-date news about the Insider Risk Summit and the IRM community, go to insiderrisksummit2022.com or follow along on LinkedIn and Twitter.