Verizon breach report: Threat actors gave any agreeable janitor a USB drive to quietly stick into any networked computer at the company. Security experts provide their insights on what makes for a successful insider risk policy. Have a strong risk management program and continuously monitor your risks to ensure you can prevent insider attacks, experts say. The worst time to assess risks and find the right technologies is when dealing with an incident, so create a strong security program that has preventative measures baked in from the start.”]
Source: https://www.csoonline.com/article/3173852/what-should-an-insider-risk-policy-cover.html