The threat of an attack on the business from insiders is real and substantial, and the impact can be devastating, going beyond just financial damage. Surveys have shown that as many as 30% of the electronic crimes affecting organizations are perpetrated by a trusted user. But enterprises constantly underestimate or ignore the danger. Most insider attacks can be prevented through a layered, defense-in-depth strategy that blends policies, procedures, and technical controls. In this talk I adapted from my session at EIC 2011, I will describe how a comprehensive and holistic approach to identity and access management can help in mitigating these risks.
[Adapted from my talk at the 2011 European Identity Conference // Associated Blog Post: blog.talkingidentity.com/2011/06/deploy-multi-layered-security-to-combat-insider-threats.html]