That's why all insider access to systems must be "managed, monitored and audited" while also ensuring "the principle of least privilege to only give people the access they need at the time they need it," he says.

Putting that in place requires looking at insiders and "scoping some control around what they can do and limiting their exposure once they're through the front door," Lankford says. Read more..