Insider threat management is critical for protecting sensitive data against theft, misuse, and loss. The privileged access that insider threats have give them the ability to cause significant damages.
The 2020 Ponemon Institute Cost of Insider Threats report found that the average cost per insider incident rose from $8.76 million in 2018 to a staggering $11.5 million in 2020. In this article I will outline the core principles and technologies organizations use to protect sensitive data against insider threats.
FREE WHITE PAPER
How to Keep Data Safe
When Offboarding Employees
Concerned about the damage a terminated employee could cause with access to sensitive corporate information, account passwords, and other data?
Click the button down below to learn the best practices for managing insider threat risks & gain access to a checklist of key items you must include in your offboarding process.
Insider threats typically fall into one of two major categories: negligent and malicious.
Negligent insiders make up 62% of the attacks reported in the Ponemon report. This type of insider threat can be further categorized into two subtypes: accidental and non-malicious. Accidental insiders unknowingly cause damage through genuine mistakes, whereas non-malicious insiders intentionally break company policies and procedures without malicious intent.
Negligent insiders are employees that:
Malicious insiders are a serious concern. They typically cause damage to the company through IP theft, sabotage, fraud, and espionage. The motivations of malicious insiders include disgruntled employees seeking to cause harm and employees seeking financial incentives from competitors or threat actors that are willing to pay for data.
Malicious insiders are employees that:
Insider threat management is fundamentally a human problem. Policy development is crucial for establishing clear expectations for employees. Employees that are provided with clear guidance will be better prepared to handle sensitive data and systems appropriately.
Core policies and procedures:
Employees that are fully equipped to recognize and respond to insider threats are valuable assets for protecting sensitive data. Regular training ensures that employees are aware of the potential risks their actions can have. This mitigates the potential for non-malicious insiders to inadvertently put sensitive data at jeopardy with high-risk but well-intentioned behavior.
Critical insider threat training:
There are a diverse mix of technologies used to detect, prevent, and remedy insider threat risks. These technologies are generally used to restrict access to data or monitor for high-risk behavior.
Examples of technical safeguards:
Insider threat risks have been compounded by the sudden rise in mandated remote work. Companies that were ill-prepared for the transition may lack the data protection infrastructure to maintain visibility while employees work off-site. Increased employee stress from the pandemic, layoffs, and sudden drastic change are also likely to contribute to an increase in insider threat risks.
Remote workforce security tips:
The employee offboarding process presents significant data security risks. Employees have intimate access to corporate data, insider knowledge of the organization’s systems, and a level of trust that can allow them to steal data undetected.
These vulnerabilities need to be addressed as part of any insider threat management program. Click the button below to learn the best practices for protecting data during a termination and gain access to a downloadable IT offboarding checklist.
Insider threat management is not strictly a technical problem. An effective strategy combines technical solutions with administrative safeguards such as employee awareness, organizational best practices, and policy enforcement. It must also recognize the unique vectors used by negligent and malicious insiders to compromise sensitive data and manage those risks accordingly.