Insider risk in unmanaged home environments today has run amok. Insider attacks continue to ramp dramatically as we all deal with mental, economic and health stressors that continue unabated this year. To put this in perspective, and shine a light on a way forward, we tapped Derek A. Smith, former government agent, cybersecurity expert, author and speaker, to cover some of these strategies in The Complete Guide to Insider Risk.
One secret to the success of the human species is that we are hardwired to trust each other. It’s been the engine that drives our social connections since the beginning, and part of the reason we’ve managed so many great achievements. But sometimes we trust too readily, which often gets us into trouble.
We tend to think of company insiders as people who have passed that unofficial trust test. Recent high-profile data breaches suggest this trust is often misplaced. While we’ve been collectively focused on the threat from outside hackers, the truth is that most threats are coming from compromised, inadvertent, or malicious users inside your network.
Consider these points from recent studies:
- 53% of companies have experienced insider attacks against their organization in the previous 12 months.
- 72% of organizations feel insider attacks have become more frequent
- 53% of security leaders believe detecting insider attacks has become “significantly to somewhat more challenging” since migrating to the cloud.
- It takes an average of 77 days to find and contain an insider incident
Think about that last point—on average, it takes organizations over 2 months to contain insider incidents. That means the costs are significant, and in many cases, other related problems run much deeper.
In the eBook, Smith goes into detail about the following:
Start With Governance
Take another look at governance with your insider risk management goals in mind. Engage with your key stakeholders and examine compliance requirements driven by regulations (e.g. GDPR, HIPAA, CCPA, etc). Cover things like Identity & Access Management (IAM) lifecycle, linked accounts, roles, permissions, risk-based reviews, and policies.
Develop an Insider Risk Strategy
Review best practices for background checks, security awareness programs, and policies for social media, BYOD, and IoT devices. Identify which assets you need to protect, evaluate your security posture on a continuous basis, and develop an insider risk program that synchronizes your people, policies, processes, and technology. Then, of course, you need to continuously monitor employee behavior in real time – employing user activity monitoring and analytics capabilities such as DLP, IAM controls, and SIEM.
Automate Your Insider Risk Processes
In order to ensure that you can effectively scale to manage a robust insider threat detection process that can dynamically identify malicious intent and mitigate risks, you need an automated platform. Consider tools that allow you to: 1) identify the person trying to access protected assets, 2) profile users and predict risks, and 3) alert you, preferably in real time, so you can manually block users if necessary.
Any organization with proprietary data or valuable intellectual property is vulnerable to insider risks at the human point – where data is most valuable and most vulnerable. But there are ways to defend your critical data and client IP while avoiding heavy fines and loss of revenue and reputation.