Three steps to keeping your company safe from insider threats
Insider threats are a growing problem within organizations and, whether intentional or accidental, they often take months or longer to discover. Research from this year’s Verizon Data Breach Investigations Report found that insider incidents have been on the rise for the last four years, and that 34% of all breaches involve internal actors. Recent high-profile incidents like the American Express insider breach of cardholder information are unfortunately all too common.
These types of breaches are too significant to be ignored. Many of them involve sensitive data loss, including customer data and valuable intellectual property. Organizations in highly regulated industries, such as financial services, government and healthcare, are particularly vulnerable, since their data is widely known to be highly valuable. Even the most trusted employees, contractors and third-party partners can become potential threats, or targets for hackers and credential thieves.
Organizations need to equip themselves with the right knowledge and tools to defend against this growing threat type. Here are three ways to get started.
- Understand what motivates insider threats
An Insider Threat incident can happen when a trusted person abuses their authorized access to negatively impact the organization’s critical information or systems. Contrary to popular belief, an insider doesn’t always have to be an employee; they can be a vendor or third-party contractor with access to sensitive information. In fact, with the rise of the gig economy, more and more companies are opening up their workforce and relying on third parties.
What’s more, not all insiders have malicious motives. In fact, research from The Ponemon Institute shows that two out of three incidents happen due to employee or contractor negligence. However, malicious insiders should still be a major concern for organizations, as they can cause extensive damage without careful monitoring. Motives for malicious insiders can include financial issues, revenge or even loyalty to a foreign government.
Both security teams and HR professionals should understand what motivates insider threats. Many of the deeper personnel issues can be detected and resolved with the right knowledge, understanding and training for colleagues.
- Embrace cybersecurity awareness training for employees
Since most Insider Threat incidents are accidental, the right cybersecurity awareness training program can make all of the difference. According to SANS Institute research, 85 percent of security professionals saw a positive impact from these types of programs in their organizations.
Cybersecurity awareness starts with having a clearly defined security policy in place that employees can easily understand. Security teams should conduct training sessions that explain the policy to new employees and contractors, and refresh them on cybersecurity hygiene techniques at regular intervals. For example, simple actions like reusing passwords or using unauthorized software at work can unintentionally lead to an insider breach.
Even though training sessions may be happening, it can be difficult to determine how much information employees or contractors retain. That’s why real-time alerts and reminders can prevent mistakes and stop insiders in their tracks when they’re in the middle of a potential policy violation, rather than after the data has been taken.
- Ensure that security teams have visibility into user and data activity
If you can’t see an Insider Threat, how can you possibly respond in a timely manner? Unfortunately, many organizations do not have visibility into the suspicious user activity on their systems that causes insider incidents. Security teams may think that monitoring data movement is enough, but the truth is: Data doesn’t move itself. People move data!
What’s more, it can be difficult for security and legal teams to conduct Insider Threat investigations with information on data movement alone, without knowing the “who” behind it. By monitoring a combination of user and data activity, organizations can stop potentially damaging customer and intellectual property data loss before it happens, as well as conduct investigations swiftly and accurately.
For example, if a disgruntled employee is using a USB drive to remove sensitive files after business hours, a user and data activity monitoring tool could alert the security team to suspicious activity. Then, the team could launch an accurate investigation into who did “what,” “when,” “where,” and “why.” On the flip side, if there’s no history or intent of malicious activity, an informed investigation can exonerate an otherwise innocent employee or contractor.
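As an added illustration of the USB scenario above (not part of the original article and not any vendor's product), the following Python example joins data-movement events to logon sessions so that each after-hours copy of sensitive files carries a "who," "what," "when" and "where." The field names, hosts, users, sensitive path prefixes and business-hours window are all constructed assumptions.

```python
from datetime import datetime

# Constructed sample telemetry (not from the article).
SESSIONS = [  # user activity: who was logged on where, and when
    {"user": "asmith", "host": "WS-014", "logon": "2019-06-11T08:55", "logoff": "2019-06-11T21:40"},
    {"user": "bjones", "host": "WS-022", "logon": "2019-06-11T09:02", "logoff": "2019-06-11T17:31"},
]
DATA_EVENTS = [  # data activity: what moved, with no user attached
    {"time": "2019-06-11T14:12", "host": "WS-022", "dest": "usb", "path": "/finance/q2-forecast.xlsx"},
    {"time": "2019-06-11T20:47", "host": "WS-014", "dest": "usb", "path": "/customers/export-all.csv"},
    {"time": "2019-06-11T21:05", "host": "WS-014", "dest": "usb", "path": "/public/lunch-menu.pdf"},
    {"time": "2019-06-11T23:30", "host": "WS-031", "dest": "usb", "path": "/customers/leads.csv"},
]
SENSITIVE_PREFIXES = ("/customers/", "/finance/")  # assumed data classification
BUSINESS_HOURS = range(8, 18)                      # assumed policy: 08:00-17:59, Mon-Fri


def after_hours(ts):
    """True on weekends or outside the assumed business-hours window."""
    return ts.weekday() >= 5 or ts.hour not in BUSINESS_HOURS


def attribute(event, sessions):
    """Return the user whose session on the event's host covers the event time."""
    ts = datetime.fromisoformat(event["time"])
    for s in sessions:
        if (s["host"] == event["host"]
                and datetime.fromisoformat(s["logon"]) <= ts <= datetime.fromisoformat(s["logoff"])):
            return s["user"]
    return None  # data moved with no matching session: worth a look in itself


def find_alerts(data_events, sessions):
    """Flag after-hours copies of sensitive files to removable media, with attribution."""
    alerts = []
    for ev in data_events:
        ts = datetime.fromisoformat(ev["time"])
        if ev["dest"] != "usb" or not ev["path"].startswith(SENSITIVE_PREFIXES):
            continue
        if not after_hours(ts):
            continue
        alerts.append({"who": attribute(ev, sessions) or "UNATTRIBUTED",
                       "what": ev["path"], "when": ev["time"], "where": ev["host"]})
    return alerts


if __name__ == "__main__":
    for alert in find_alerts(DATA_EVENTS, SESSIONS):
        print(alert)
```

The fourth event has no matching session, so it surfaces as `UNATTRIBUTED`: the data-only view shows that files left, but not who moved them.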
A combination of people, processes, and technology (in that order) is essential for defending against insider breaches. “People” should involve well-trained security personnel as well as others in the organization including HR, legal, regulatory compliance and communications professionals who would be involved in incident response.
Employees and contractors themselves should be proactive stewards of their own cybersecurity hygiene to protect the organization from data loss. “Processes” should include establishing an effective cybersecurity policy and Insider Threat program. Finally, “technology” can help teams know the whole story on insider threats, by delivering key insights into both user activity and data movement.
With the right strategies in place, organizations can continue business as usual, and informed employees and contractors can become your best defense.
Written by: Mike McKee
Mike McKee brings 20+ years of cross-functional, global experience in technology to his role as CEO of ObserveIT, the leading Insider Threat management company. Previously, Mike led the award-winning Global Services and Customer Success organizations at Rapid7, served as Senior Vice President of CAD Operations and Strategy at PTC, and Chief Financial Officer at HighWired.com. Additionally, he held analyst roles at Broadview Associates, McKinsey & Company, and Goldman Sachs. Mike played professional hockey as a defenseman for the Quebec Nordiques. He graduated cum laude from Princeton University, and received an M.B.A. with honors from Harvard Business School.