New Solutions to the Evolving Definition of Insider Risks
Welcome to the second post from Forcepoint's 2023 Future Insights series, which offers insights and predictions on cybersecurity that may become pressing concerns in 2023.
Here's the next post from Mike Crouse. Director for Enterprise User and Data Protection at Forcepoint G2CI:
Changing political and societal perspectives have fundamentally altered the way organizations need to think about managing insider risks. People’s perceptions and behaviors are evolving and hardening due to misinformation and disinformation, and events like the move to remote work and the impact of political movements have influenced the pulse of almost all organizations.
In some cases, these issues have created significant workplace challenges. Look no further than the pushback some companies have received from reversing remote work plans, or the tenuous position Twitter found itself in while trying to protect itself against insider risks.
These and other outside influences could impact organizational culture and security. For example, employees sympathetic to one cause or another could purposefully attempt to steal IP or exfiltrate sensitive information based on their personal beliefs. They could engage in potentially harmful behaviors that could adversely affect workplace culture, safety, and productivity.
These challenges will continue into 2023 and beyond, reshaping the way organizations manage insider risks in four ways:
The definition of insider risk will change
Insider risk can lead to breaches and acts of espionage, but it can also include negative behavior that impacts both individuals and their colleagues.
In 2023, organizations must adapt their approaches to insider risk to accommodate this new definition. They will need to adopt dynamic monitoring programs that measure the pulse of the organization in addition to preventing data loss prevention.
Agility will be key to the success of these programs. People’s behaviors can change over time. Depending on how an employee’s perspectives and beliefs change, that individual may turn into a security risk.
Organizations’ insider risk monitoring systems must be agile enough to account for these potential changes."
Continuous behavioral monitoring will become even more important
Organizations will need to expand continuous evaluation and user activity monitoring practices to account for changing user behavior patterns, similar to what the U.S. Department of Defense is doing with its continuous vetting program and recent focus on expanding User Activity Monitoring activities.
Continuous behavior monitoring allows organizations to monitor fluctuations in users’ behavior patterns and compare them to their baseline behaviors. Right now, this is being used mainly to tell if a person is accessing information in an unusual manner. But in 2023 and beyond, continuous behavior monitoring will also be useful in gauging unusual behavioral patterns that go well beyond how a person is accessing organizational data and systems.
For example, continuous behavior monitoring can be used to determine if a person is becoming disengaged from their colleagues or work, or if they’re beginning to stockpile unusually large amounts of data. The insights could indicate that an individual has become at best less productive, at worst a potential insider risk and threat to the organization.
Organizations will need to consider ways to build employee risk profiles respectfully and legally
The type of content a person posts on their social media channels might show a different side of the individual than their colleagues see at work. Accessing and monitoring publicly-available information from these social media channels—responsibly and legally—can give organizations a more complete risk profile of their employees.
In 2023, more organizations will be amenable to this practice, but they must tread lightly. They will need to consult with their legal teams to ensure they have the authority to mine social media data and look for trends.
Organizations collaborating with foreign companies will likely be the first movers in this area, as organizations attempt to mitigate threats from global adversaries. Efforts like Trusted Workforce 2.0 will also be critical in setting boundaries and moving social media monitoring forward in a respectful and legal manner.
Content disarm and reconstruction and other solutions will make these efforts successful
While continuous behavioral monitoring will be instrumental in evaluating people’s changing behaviors and demeanors, there are many other technologies that will effectively protect against insider threats in 2023.
One of the most exciting is content disarm and reconstruction (CDR). CDR automatically examines content for malware and disarms suspicious files. It protects users from inadvertently opening malicious files and passing them along, in the process becoming accidental insider risks.
We will also begin to see more integration among different types of security technologies. Expect Cloud Access Security Brokers (CASBs) to be combined with other solutions, such as user activity monitoring, business intelligence, and case management technologies, to create a better safety net against insider risks. User risk scoring will be integrated into CASBs, firewalls, and other access points for optimal protection, and there will be increased orchestration of different control points for more active responses and automated remediation.
All of this will be supported by analytics that will provide organizations with actionable intelligence. With this intelligence in hand, they will be able to adapt and anticipate where the next insider threat might come from.
Just like people, organizations can evolve. They will need to do both in 2023 if they are to protect their brands, data, and employees.