By Isaac Kohen, VP of R&D, Teramind, provider of behavior analytics, business intelligence and data loss prevention (“DLP”) for enterprises.
Whether businesses are grappling with rapidly changing market conditions, continued pandemic disruptions, geopolitical conflicts or shifting workplace arrangements, threat actors are looking to take advantage of the moment to undermine network integrity or compromise data privacy.
In many ways, their efforts are bearing fruit. According to a recent industry survey, 66% of respondents indicated they experienced a ransomware attack in 2021, a 37% year-over-year increase. Meanwhile, threat actors send billions of phishing emails every day, putting companies a click away from a significant cybersecurity or data privacy incident.
When coupled with record-high recovery costs and devastating reputational damage, it’s no wonder companies continue to direct more financial and personnel resources toward cybersecurity efforts.
When doing so, Verizon’s 2022 Data Breach Investigations Report makes clear how to optimize these investments: prepare to defend against insider threats. Notably, the report found that 82% of data breaches involve the human element, including “social attacks, errors, and misuse.”
Insiders, including employees, contractors, vendors and other trusted third parties, pose a serious cybersecurity risk. They have legitimate access to a company’s IT network, allowing accidental or malicious insiders to cause significant damage. That’s why every organization needs to account for insiders, recognizing that mitigating insider threats is key to guarding against cybersecurity risks.
Here are three critical elements of effective insider risk management.
1. Embrace human intelligence.
Insider threats include unintentional and intentional acts that undermine cybersecurity, and human intelligence can help companies identify and respond to insider threats. As the U.S. Cybersecurity and Infrastructure Security Agency, or CISA, helpfully explains, “An organization’s own personnel are an invaluable resource to observe behaviors of concern, as are those who are close to an individual, such as family, friends, and coworkers.”
Since these people are best positioned to understand someone’s shifting life circumstances and related challenges, they can offer critical context to potentially problematic behavior.
For instance, behavioral indicators might include:
• Dissatisfied or disgruntled insiders
• Documented attempts to avoid security protocols
• Changing work patterns or regularly working off-hours
• Displaying resentment for co-workers or leadership
• Contemplating resignation or actively looking for new job opportunities
To translate observations into action, companies should adopt a “see something, say something” policy, equipping every employee with the communication structure to report potential threats before they become vulnerabilities.
When implemented effectively, these programs can make human intelligence a critical part of an effective insider risk management program.
2. Leverage software solutions.
In today’s digital-first business environment, software solutions are an important part of an effective insider threat prevention program.
Specifically, companies should look to three software categories to detect, deter and prevent insider threats:
• User activity monitoring. This software assesses insiders’ digital activity to identify malicious or risky activities. It can often be configured to prevent unwanted behavior or notify cybersecurity teams, allowing businesses to be more responsive to insider threats, regardless of their physical location.
• User and entity behavior analytics. This software identifies irregularities by establishing baseline behavior and alerting leaders when employees deviate from these norms. For instance, user and entity behavior analytics would highlight an employee accessing company networks at unusual hours or transmitting abnormal data quantities or entities.
• Endpoint monitoring. This software protects company data from theft, preventing insiders from accidentally or maliciously exfiltrating sensitive data.
(Full disclosure: My company offers these software solutions.)
When companies leverage software solutions to enhance their human intelligence efforts, they can receive real-time alerts to anomalous behavior, better control company data management, enhance network visibility and more.
Ultimately, when technology works in tandem with human intelligence, businesses are best positioned to reduce the risks of insiders compromising network integrity or data privacy.
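To make the baseline-and-deviation idea behind user and entity behavior analytics concrete, here is a small added example; it is not code from this article or from any vendor's product. The event fields, the thresholds and the function names are assumptions chosen for illustration, and the sample history is constructed.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample history: (user, login hour 0-23, megabytes sent). Not real data.
HISTORY = [
    ("alice", 9, 40), ("alice", 10, 55), ("alice", 14, 48),
    ("alice", 16, 60), ("alice", 11, 52), ("alice", 13, 45),
    ("bob", 22, 300), ("bob", 23, 280), ("bob", 21, 320),
    ("bob", 22, 310), ("bob", 23, 290), ("bob", 20, 305),
]

def build_baselines(events, min_events=5):
    """Learn each user's usual hours and transfer volume from past events."""
    per_user = defaultdict(list)
    for user, hour, mb in events:
        per_user[user].append((hour, mb))
    baselines = {}
    for user, rows in per_user.items():
        if len(rows) < min_events:
            continue  # too little history to call anything "normal"
        sizes = [mb for _, mb in rows]
        baselines[user] = {
            "hours": {h for h, _ in rows},
            "mean_mb": mean(sizes),
            "std_mb": pstdev(sizes),
        }
    return baselines

def score_event(baselines, user, hour, mb, z_limit=3.0, hour_slack=1):
    """Return the list of deviations from this user's own baseline."""
    base = baselines.get(user)
    if base is None:
        return ["no_baseline"]
    findings = []
    # Circular distance so 23:00 and 00:00 count as one hour apart.
    near = any(min((hour - h) % 24, (h - hour) % 24) <= hour_slack
               for h in base["hours"])
    if not near:
        findings.append("unusual_hour")
    std = max(base["std_mb"], 1.0)  # floor avoids division by zero
    if (mb - base["mean_mb"]) / std > z_limit:
        findings.append("abnormal_volume")
    return findings

if __name__ == "__main__":
    b = build_baselines(HISTORY)
    print(score_event(b, "alice", 2, 900))  # day-shift user, 02:00, large upload
    print(score_event(b, "bob", 0, 300))    # night-shift user, normal for them
```

Because the baseline is per user, a midnight session is routine for the night-shift account and an alert for the day-shift one, which is the difference between behavior analytics and a fixed "off-hours" rule.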
3. Focus on prevention.
As businesses navigate this disruptive moment, insight and control of insider activity are increasingly important. For example, a recent industry report found that there is a 37% chance that companies will lose intellectual property when employees leave an organization. At the same time, 96% of survey respondents reported challenges protecting company data from insider threats.
However, only one-fifth of organizations specifically allocate a portion of their cybersecurity budget to insider threats.
In this case, the ancient adage, “an ounce of prevention is worth a pound of cure,” is especially appropriate. The cost and consequences of failure are extensive, while improving employee awareness and holding all employees accountable for data management and cybersecurity standards are comparatively cheap.
By focusing on prevention rather than responding to the repercussions of a cybersecurity incident, every company can make insider risk management a built-in component of their cybersecurity efforts. As the most recent research proves, it could be the difference between success and failure when failure simply isn’t an option.