5 Ways to Combat the Insider Threat

By: Jo-Ann Smith | 10/10/2017

October is National Cyber Security Awareness Month, a global campaign run annually to raise awareness about the importance of cybersecurity. We’ve asked some of our leading security experts here at Absolute to chime in on some of the most pressing issues in cybersecurity today. In Part 2 of this series, we bring you insight from Jo-Ann Smith, our Director of Technology Risk Management & Data Privacy, who brings extensive insight into the complexities of compliance, security architecture design and forensic analysis to enterprises. See Part 1 in this series: Fostering Digital Citizenship in Education.

Cybersecurity in the workplace is everyone’s business. Why? Because insider threats remain the top vulnerability for organizations across all industries. Up to 43% of all breaches are the result of insiders either inadvertently or maliciously putting data at risk, whether that’s clicking a phishing link, uploading files to the cloud, losing a device or the unsuspecting insider whose identity has been compromised. Insiders have the necessary credentials and access to do significant damage to your business - and most of this damage happens accidentally. A recent SANS survey found that insider threats continue to be one of the top threats organizations face and that data exfiltration is increasingly focused on user credentials and privileged account information, a situation which will inevitably lead to greater unsuspecting insider threats.  

Only true visibility and a preventive approach can unmask the insider threat and mitigate the risk. Here are the top 5 ways that organizations can protect against the most common insider threats:

1. Understand that insider threats come in all shapes and sizes. Understanding how motivation, behavior and negligence lead to insider threats can be key to mitigating these risks. Prepare programs that address the three most common types of insiders: negligent, malicious and unsuspecting.

2. Create a culture of security. The National Institute of Standards and Technology (NIST) Cybersecurity Framework states that security be a core element of an organization’s culture and services, helping create a culture that is more adaptable to the changing risk landscape. Such a culture would also support open dialogue on data risks and challenges to improve organization-wide learning about security best practices. Establishing this “tone from the top”, with executive and board buy-in to the culture of security, has been a proven differentiator in creating effective cybersecurity policies.

3. Create a risk management team and risk register that qualifies and quantifies risks for remediation and subsequent mitigating steps. The team should create KPIs and audit and report on risk levels to show status and improvement year over year.

4. Improve visibility over highly sensitive data, converging protection of physical assets and digital assets. Lack of control and visibility over data and devices prevents the enforcement of data security policies and leaves organizations with no way to detect suspicious behavior. Our recent Ponemon study found that 63% of organizations could not monitor endpoint devices when they left the corporate network. Our data at-risk discovery tools give you the ability to scan endpoints for sensitive files (even those in cloud applications) and remotely recover and delete data from at-risk devices while Reach allows organizations to execute custom discovery, compliance and remediation tasks.

5. Incorporate automation into your security strategy. Most organizations piece their security strategy together, leaving gaps that create vulnerabilities to costly attacks. Only 28% of organizations currently incorporate automation into their security strategy, costing organizations significant amounts of money and resources chasing down false security alerts and leading to delays in breach detection and remediation.

The insider is merely a means to an end when it comes to cyber attack. The question is, how to detect and deter the insider threat? For more, read our Whitepaper: The Enemy Within - Insiders Are Still the Weakest Link in Your Data Security Chain

Financial Services