Mitigating The Growing Insider Risk

Uploaded on 2024-04-10 in TECHNOLOGY--Resilience, JOBS-Training, FREE TO VIEW

Organizations continue to have significant concerns about the risks posed by their insiders, and for good reason: no one outside the organization knows the ins and outs of critical networks, systems and internal security measures like an inside employee.

Many factors, including the ever-changing digital landscape, make insider risk a bigger threat than ever before. 

According to a recent study from the Chartered Institute of Information Security, some cybersecurity professionals have been selling their services on the dark web. In the wake of layoffs and, per Gartner, an industry exodus sparked by work-related stress, the fear that an ex-employee might offer sensitive information to bad actors is a legitimate one. In fact, according to IBM Security, 6% of all data breaches are initiated by malicious insiders, and these breaches are often the costliest.

In many cases, these insider cyber-attacks are the result of disgruntled employees, with many instances of insider theft happening in the 30 days before an employee’s departure.

The impact of insider risk is very real, taking, on average, 10 to 11 months to identify and contain breaches stemming from insider risks, costing resources and negatively impacting overall revenue. What’s even more concerning, insider risk doesn’t require explicit malintent. So, in addition to worrying about employees going rogue, organizations must also worry about good old-fashioned negligence. Looking at the big picture, it’s more urgent than ever for organizations to ensure they apply the right technology at the right time to mitigate insider risk.

It’s Time To Be Proactive

Risk mitigation is a journey and not a destination. While no one can claim to fully mitigate all risk, there are some effective and proactive measures organizations can take toward mitigating insider risk. This starts with layering two critical technologies within organizations: user activity monitoring (UAM) and behavioral analytics. 

In simplest terms, UAM passively monitors employee activity so organizations can collect data to better understand baseline behavior and, in turn, proactively flag any departures from it. Risky behaviors include working unusual hours, stockpiling large amounts of information, or attempting to access restricted data—to name a few. But other instances of concerning activity could include web searches for new jobs or resume-writing tips.

By integrating UAM with behavioral analytics, organizations can gain the necessary insight and quantify the risk of anomalous behavior as compared to the user themselves or their respective peer group.

An employee who doesn’t have access to very sensitive information would have a low baseline risk score. But if their behavior changed, the risk score would rise. These scores help security analysts quickly and effectively respond to changes in behavior that could indicate a looming insider threat. 

The Importance of Employee Privacy

While technology can minimize insider risk, it can also have the opposite effect if not implemented correctly, carefully, and communicated to employees. To some, UAM can sound as though a company could be spying on employees to keep tabs on productivity. In reality, this is not the case with more effective UAM technologies. These solutions are designed at the core to do less spying and more risk scoring and quantifying.

Truly effective UAM provides enhanced visibility of risks while protecting employees and organizations from the intrusive spying features off less effective UAM tools.

Using the right solutions helps organizations as a whole meet the goal of being more informed, and more secure. But unless this is proactively explained to employees, it could undermine that very goal. 

When an organization introduces a UAM program, HR and legal must be part of the conversation from the beginning. Awareness training and product overview sessions should be provided to the C-suite and employees alike. Demonstrate the use cases and behaviors that drive the data collection policies and ensure all policies have been approved by the board and align with data privacy guidelines. While capturing logins and access to data is useful for company cybersecurity, there’s no reason to monitor logins to personal social media or bank accounts. Similarly, while analysts should be able to see digital behavior data and an employee’s overall risk score, as they should not be privy to any personal information.

Effective insider risk programs implement guardrails to protect employee privacy while also ensuring protection exists for sensitive organizational data. If the proper governance and oversight is not included, the program runs the risk of undermining its mission. Employees must be fully informed about the insider risk program from day one.

The Bottom Line

Insider risk is a real and growing threat for organizations across industries: laid off employees may turn to the dark web to earn extra cash, disgruntled employees may try to steal data on their way out, and even the best-intentioned employees may make extremely harmful mistakes. Insider risk is not a matter of if, but when.

Insider risk can be costly, but it can also be mitigated. When it comes to implementing an insider risk program, there’s no time to waste. Organizations must put technology in place to proactively identify risky behavior and quickly remedy any threats that arise.

Image: 

Mike Crouse is Director of Insider Risk at Everfox

You Might Also Read: 

Zero-Trust: Protecting From Insider Threats:

DIRECTORY OF SUPPLIERS - Insider Threat Protection:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Make Sure Your Disaster Recovery Plan Works When You Need It Most
The AI Future: Three Tips For SMBs »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

TEISS

TEISS

Teiss.co.uk is a website dedicated to providing information about cyber security. TEISS also provide a series of conferences and events focused on cyber security.

Intelligent Business Solutions Cyprus (IBSCY)

Intelligent Business Solutions Cyprus (IBSCY)

IBSCY Ltd is a leading provider of total IT solutions and services in Cyprus specializing in the areas of cloud services and applications, systems integration, IT infrastructure and security.

Qrator Labs

Qrator Labs

Qrator Labs is a leader in DDoS attack mitigation, helping organizations protect their websites from the most harmful, sophisticated DDoS attacks.

Spohn Solutions

Spohn Solutions

Spohn combines highly-experienced staff with a vendor neutral approach to deliver optimal solutions for IT Security and Compliance.

CICRA Consultancies

CICRA Consultancies

Cicra Consultancies is a company that specializes in cyber security. Our major activities are guided by three main principles: Prevent, Investigate, Prosecute.

Telefonica Global Solutions (TGS)

Telefonica Global Solutions (TGS)

Telefonica Global Solutions is the technological partner of wholesalers and enterprises, helping them to achieve the digitalization they need.

QuantiCor Security

QuantiCor Security

QuantiCor Security is one of the world’s leading developers and manufacturers of quantum computer resistant security solutions for IT infrastructures and the Internet of Things (IoT).

Virtual Technologies Group (VTG)

Virtual Technologies Group (VTG)

Virtual Technologies Group is a single source, IT product and services provider for SMBs and IT departments, delivering reliable, cost-efficient service, maintenance and support solutions.

Crayon

Crayon

Crayon is a customer-centric innovation and IT services company. We provide guidance on the best solutions for our clients’ business needs and budget with software, cloud, AI and big data.

Cylab - Carnegie Mellon University

Cylab - Carnegie Mellon University

Carnegie Mellon University CyLab is the University's security and privacy research institute.

Endure Secure

Endure Secure

Endure Secure is a managed cyber security & information security consultancy. Our passion for IS and our understanding of the threat landscape is reflected in the services that we provide.

VLC Solutions

VLC Solutions

VLC Solutions is an independent solutions and technology service provider offering Cloud Services, Cybersecurity, ERP Services, Network Management Services, and Compliance Solutions.

EdgeWatch

EdgeWatch

EdgeWatch is a platform that helps information accredited security practitioners discover, monitor, and analyze devices that are accessible from the Internet.

Collabera Digital

Collabera Digital

Collabera Digital engineer the next generation of solutions that power tech-forward organizations and create an impact on people and communities.

ZoobeTek

ZoobeTek

ZoobeTek are a company focused on preventing leaks related to the security of business information3.

Alchemy Security Consulting

Alchemy Security Consulting

Alchemy Security Consulting specialise in offensive and defensive cyber security. We find the weak link in your security so you can patch it up fast and avoid being hacked.