How can we stop insider theft?

By Rory Bathgate
published

Identity management could be the first line of defense against insider theft, and AI has a role to play

The words 'How can we stop insider theft?' with 'insider theft' highlighted in yellow and the other words in white, against a lightly blurred photo of a USB resting on a Mac keyboard
(Image credit: Future)

As businesses increase their digital estate, insider theft poses an increasingly large risk. Whether it’s through malicious parties gaining access to crucial systems and data or employees stealing information to which they should never have had access, firms should be considering these scenarios carefully.

This has been exacerbated by the economic climate, with layoffs and a greater reliance on third-party individuals leading to a lack of oversight and cohesion when it comes to access management. Stolen credentials or over-provisioned contractors can be the first crack in the armor for any business.

In this episode, Rory speaks to Fran Rosch, CEO of digital identity specialist ForgeRock, about the pressing need for better scrutiny of third parties and how companies can control systems access through identity governance. 

Highlights

“By leveraging technology, you can really limit your exposure, because you really understand who has access to what and you're limiting the privilege to information unless it's absolutely needed for people to do their jobs.”

“When we think of this accidental user-driven compromise, a lot of it comes down to good old-fashioned phishing, or spear phishing… where users get an email, they think it's from their colleague or they think it's from IT.”

“What we believe, ultimately, is that through open standards and policies there have to be several different… credential issuers or identity providers (IDPs). And as long as they follow open standards, then companies can go ahead and rely on them.”

Read the full transcript here.

Footnotes

Subscribe

Rory Bathgate
Rory Bathgate

Rory Bathgate is a staff writer at IT Pro covering the latest news on UK networking and data protection, privacy and compliance. He can sometimes be found on the IT Pro Podcast, swapping a keyboard for a microphone to discuss the latest in tech trends.

In his free time, Rory enjoys photography, video editing and graphic design alongside good science fiction. After graduating from the University of Kent with BA in English and American Literature, Rory took an MA in Eighteenth-Century Studies at King’s College London. He joined IT Pro in 2022 as a graduate, after four years in student journalism. You can contact Rory at rory.bathgate@futurenet.com or on LinkedIn.