Across the federal government, agencies are sharpening their focus on insider threat challenges, shifting toward proactive strategies identifying potential risks before they escalate. The most effective insider threat initiatives deliver the greatest impact when they start early in the lifecycle and are built around prevention instead of response.

That’s why Jon Besko, Program Director for Insider Threat at GDIT, sat down with Dan Velez, Senior Advisor for Insider Risk at Everfox to talk about insider threat prevention as a distinct practice different from cybersecurity, but complementary in a lot of ways.

“Employees today have access to vast amounts of information at our desks, and there’s a lot of potential for misuse, mishandling and so on,” Velez said, noting that cyber security is only one piece of the insider threat problem. Prevention, he said, begins with managing risk, looking at how an organization hires and on-boards staff, how it deals with issues, how it promotes, moves and escalates people across the organization, even extending to how it offboards people. “It’s a complete lifecycle to monitor,” he said.

Besko agreed noting, “While cyber and being on an IT system may be a vector to commit an attack, it really goes back to that human behind the keyboard, and we have to assess the risk that that human is presenting, and cyber is not the only answer to that.”