Which controls best mitigate insider threats in utility operations?

• A. Rely on perimeter security alone without monitoring user activity
• B. Enforce least privilege, monitor unusual behaviors, implement robust access controls, and multi-person verification for critical actions
• C. Disable access controls to speed up operations
• D. Only conduct annual reviews with no real-time monitoring

Answer: (B)

Mitigating insider threats in utility operations hinges on limiting what each person can do, watching how they behave, and ensuring that critical actions require more than one person to authorize. Enforcing least privilege means employees access only what they need to perform their job, so even if an account is compromised, the potential damage is contained. Robust access controls and privileged access management further reduce the risk by tightly controlling who can reach sensitive systems and what they can change. Monitoring unusual or suspicious behaviors provides real-time visibility and alerts so insider activity can be detected and stopped quickly. Multi-person verification for critical actions creates a solid check against single notes of judgment or deliberate misuses, making it much harder for a harmful action to go through without intentional oversight. In contrast, relying on perimeter security alone leaves internal risks unaddressed and without ongoing monitoring, while disabling access controls or performing only annual reviews offers little protection against evolving threats and real-time misuse.