Great article through Info-Security Magazine from David Green, CSO at Veriato regarding understanding both the personal... and professional mental health of our employees.
"Security systems that call on psycholinguistic indicators and powerful investigation tools are indispensable for a growing number of companies concerned about threats from within. But even the best technology can’t root out every potential problem.
Used in tandem with a little common sense, you stand a better chance of getting inside an employee’s head and anticipating harmful behavior. Someone under obvious stress at work (example: a recent poor performance review) or at home (a known family problem) bears watching. So do employees who’ve given notice, or suspect their job is at risk, that may decide to walk out with some of your assets.
When it comes to dealing with insider threat, there are no silver bullets. A combination of people, process, and technology is required."
Nicely said David. It definitely involves collection of information across many groups within an organization. It's too bad that often these groups are siloed. Insider threats are designated to HR, cyber is designated to IT, and physical security is designated to facilities. Perhaps these groups could be combined into a single security department, and report to the highest levels of the organization. That way, they could make the business case for a unified security approach and funding.