Last week, the Insider Risk Community team held the third annual Insider Risk Summit and we were blown away by the attendance, engagement and overall excitement to solve this growing and critical problem. For two and a half days, experts, leaders and practitioners all came together to address the Insider Risk challenge with a more modern approach. The community gathered virtually to hear from a powerhouse lineup of over 50 speakers from companies like MITRE Insider Threat Research & Solutions, Booz Allen Hamilton, Accenture, PwC, Gartner, Atlassian, Kudelski Security, Microsoft, Optiv and many more.

Media from CSO, Dark Reading, ISMG, The Register, VentureBeat and more attended to cover the event. Each session was interactive and lively, with attendees chatting with the speakers in real-time. Case studies were examined, problems were discussed openly and lessons learned were shared for the benefit of all. Our industry-leading sponsors were the backbone of the event. A huge thank you to Code42, Exabeam, LogRhythm, Okta, Palo Alto, Rapid7, Beyond Identity, Booz Allen Hamilton, CyberArk, Elevate Security, Microsoft, PwC, Tines, Optiv, Red Vector and our media partner The CyberWire.

A lot of healthy debate and discussion emerged during this year’s event. Below are a handful of the biggest topics discussed during the show.

  • The Insider Risk Management (IRM) category continues to grow - Just how big of a deal is Insider Risk? In the opening keynote, Joe Payne, Code42 President & CEO and Chairman of the Insider Risk Summit, talked about the real-world examples that demonstrate the true cost of Insider Risk. He talked about how over a billion dollars of intellectual property have been moving back and forth within the self-driving car industry thanks to departing employees from Waymo, Uber, Apple and Tesla. And he recounted how Insider Risk became a $2 billion problem for Pegasystems after a government contractor misappropriated trade secrets from Appian. When you make the headlines, it’s already too late.
  • Our rapidly changing world is creating risk, but also opportunity - Unsurprisingly, much discussion centered around how the pandemic era launched a period of immense change that continues to have wide-reaching ramifications on the way we work. Keynote speaker Pablos Holman, technology futurist, inventor, world-renowned hacker & viral TED speaker, took a lofty stance on the potential of today. In his session “Paralyzed by Fear,” Pablos said he believes we are living in a renaissance, with the potential to reinvent almost everything humans do using the superpowers of automation, robotics and machine learning. At the same time, risks from adopting new technology are in the news every day – hackers, disinformation, surveillance, losing jobs to robots. If we are paralyzed by fear of these possible failures, we will fail to realize the potential in these technologies.
  • Malicious vs. negligent vs. accidental - It’s no surprise that most decision makers focus on malicious insiders. From a psychological perspective, the threat feels more urgent simply due to its more black and white nature. However, many speakers at this year’s Summit illuminated the even greater prevalence of negligent and accidental insider data leaks.
  • Respecting employee privacy is an important part of IRM - Monitoring is a critical part of managing Insider Risk, but there’s a big difference between monitoring data movement and reading all employee emails. Organizations must protect user privacy and be transparent with employees about what is being monitored and why.
  • Automation eases security burnout - Workloads continue to increase and security teams remain understaffed. According to research from Tines, over 70% of security analysts report experiencing burnout. Several speakers talked about automation as a part of an IRM strategy, enabling security teams to scale, standardize and accelerate their overall process.
  • Building an IRM program: Where do I start? How do I get buy-in? - During the event, we heard a lot from the trailblazers who have already successfully launched an IRM program. Matt Gregson and John Boles from PwC walked through practical steps using a Risk First/Then Tech approach. They also spoke about bringing together key stakeholders, which was echoed in Exabeam’s session, “Successful Partnering for Insider Risk Management.” Exabeam Head of EMEA Security Strategy Sam Humprhies chatted with her colleagues, CHRO Gianna Driver and CISO Tyler Farrar, about defining shared objectives and metrics, partnering with the wider business and positive promotion of IRM to employees. Finally, the CISO panel was a must-see, with CISOs Jadee Hanson from Code42, Yaron Levi from Dolby, and Sara Lazarus from Stavvy, discussing how Insider Risk impacts the organization from the C-level.

Thank you to all our speakers and sponsors who made this year’s Insider Risk Summit a huge success.

Couldn’t join us? You have until Friday, October 7 to register and get access to all 2022 sessions on-demand for the next 30 days. Register here.

You can continue to earn CPE credits during this period. If you would like a certificate for the sessions you watched please email within 90 days of the event.

Want to stay in touch with the community? Join the Insider Risk Knowledge Share Slack group to be a part of the Insider Risk Summit Community and keep the conversation going. Join here.