CowboyRobot writes "Insider threats may not have garnered the same sexy headlines that APTs did at this year's RSA Conference. But two presenters with the Federal Bureau of Investigation (FBI) swung the spotlight back onto insiders during a session this week that offered enterprise security practitioners some lessons learned at the agency after more than a decade of fine-tuning its efforts to sniff out malicious insiders following the fallout from the disastrous Robert Hanssen espionage case.
The lessons include:
1. Insider threats != hackers.
2. Insider threat is not just a technical issue.
3. Good insider threat programs focus on deterrence, not detection.
4. Detection of insider threats must use behavioral-based techniques.
5. We have a long way to go"
Link to Original Source