Insider Threat Management – Is Your Data Safe? (Critical Tips)

Insider threats - how to protect your data. CurrentWare

Insider threat management is critical for protecting sensitive data against theft, misuse, and loss. The privileged access that insider threats have give them the ability to cause significant damages.

The 2020 Ponemon Institute Cost of Insider Threats report found that the average cost per insider incident rose from $8.76 million in 2018 to a staggering $11.5 million in 2020. In this article I will outline the core principles and technologies organizations use to protect sensitive data against insider threats.

FREE WHITE PAPER

How to Keep Data Safe
When Offboarding Employees

Concerned about the damage a terminated employee could cause with access to sensitive corporate information, account passwords, and other data?

Click the button down below to learn the best practices for managing insider threat risks & gain access to a checklist of key items you must include in your offboarding process.

Get Access Now

What Are Insider Threats?

Negligent insider threats

Insider threats typically fall into one of two major categories: negligent and malicious.

Negligent insiders make up 62% of the attacks reported in the Ponemon report. This type of insider threat can be further categorized into two subtypes: accidental and non-malicious. Accidental insiders unknowingly cause damage through genuine mistakes, whereas non-malicious insiders intentionally break company policies and procedures without malicious intent.

Negligent insiders are employees that:

Fall victim to phishing and social engineering attacks
Non-maliciously break company policy to expedite processes
Unintentionally share sensitive information with unauthorized recipients (misaddressed emails, oversharing during conversations, etc)
Misplace printed documents and data storage devices that contain sensitive information

Malicious insider threats

Malicious insiders are a serious concern. They typically cause damage to the company through IP theft, sabotage, fraud, and espionage. The motivations of malicious insiders include disgruntled employees seeking to cause harm and employees seeking financial incentives from competitors or threat actors that are willing to pay for data.

Malicious insiders are employees that:

Sell company IP to competitors for monetary gain
Steal PII from company databases and sell it to fraudsters on the internet
Are disgruntled and seek to cause damage to their employer by deleting data, breaking equipment, or otherwise sabotaging business processes

Best Practices for Managing Insider Threat Risks

1) Policies & Procedures

A businessman hands a piece of paper and a pen to their employee to sign

Insider threat management is fundamentally a human problem. Policy development is crucial for establishing clear expectations for employees. Employees that are provided with clear guidance will be better prepared to handle sensitive data and systems appropriately.

Core policies and procedures:

Credentials management. Procedures and expectations for protecting accounts from unauthorized use. Topics include password management, lockout policies for unattended workstations, and the company’s stance on account/credentials sharing.
Acceptable use policy. Guidelines of expected user behavior on company networks. These policies often include disclosures of the technology used to monitor employees for high-risk behavior.
Data protection policy. These policies provide insiders with clear behavioral and procedural expectations for accessing, storing, and using protected data.
Employee offboarding. Employees that have resigned or have been fired present a high risk to sensitive data. Detailed IT and HR procedures need to be in place to decommission user privileges, closely monitor file transfers, and ensure that disgruntled employees do not become malicious insiders.

2) Insider Threat Management Training

Employees that are fully equipped to recognize and respond to insider threats are valuable assets for protecting sensitive data. Regular training ensures that employees are aware of the potential risks their actions can have. This mitigates the potential for non-malicious insiders to inadvertently put sensitive data at jeopardy with high-risk but well-intentioned behavior.

Critical insider threat training:

Regular review of organizational policies and procedures
Best practices against common insider threats such as phishing and social engineering
Awareness of key indicators of insider threats such as abnormal requests from coworkers, extensive use of data transfer devices (USBs, printers, etc), and behaviors associated with disgruntled employees

3) Technical Safeguards

A hand motions to press a cell phone. A glowing lock icon floats above them

There are a diverse mix of technologies used to detect, prevent, and remedy insider threat risks. These technologies are generally used to restrict access to data or monitor for high-risk behavior.

Examples of technical safeguards:

Employee monitoring software. User behavior analytics establishes a baseline of what is considered normal for the organization. These tools detect anomalous behavior such as large data transfers, attempts to use restricted data storage hardware on company endpoints, and other deviations from expected behaviors.
Privileged access management. PAM solutions ensure that accounts with elevated permissions are only given the minimum access required to perform their job functions. These tools are crucial for reducing the potential damage that would be caused by compromised accounts.
Data loss prevention. DLP tools and endpoint security software enhance data visibility and restriction capabilities. Common features include identifying high-risk data, preventing unauthorized data transfers, and tracking the lifecycle of protected data.

FREE Trial: AccessPatrol USB Device Control Software

4) Remote Workforce Considerations

A photo of a glowing model of earth. A man's hands surround the Earth. Icons representing data and internet surround them

Insider threat risks have been compounded by the sudden rise in mandated remote work. Companies that were ill-prepared for the transition may lack the data protection infrastructure to maintain visibility while employees work off-site. Increased employee stress from the pandemic, layoffs, and sudden drastic change are also likely to contribute to an increase in insider threat risks.

Remote workforce security tips:

Limit personal device use. An employee’s personal device cannot be monitored and managed as thoroughly as company-provided devices. This lack of visibility reduces the organization’s ability to identify and manage insider threat risks.
Restrict cloud data access. Organizations that shift from on-premise to cloud-based data access need to ensure that privileged access management remains in place for these new platforms.
Update data protection policies. Security policies need to be current and relevant for a remote workforce. Organizations must address remote-specific considerations such as prohibiting the use of insecure public networks and outlining remote data access procedures.

5) Protect Data During Employee Offboarding

The employee offboarding process presents significant data security risks. Employees have intimate access to corporate data, insider knowledge of the organization’s systems, and a level of trust that can allow them to steal data undetected.

70% of intellectual property theft occurs within the 90 days before an employee’s resignation announcement
88% of IT workers have stated that they would take sensitive data with them if they were fired
72% of CEOs admit they’ve taken valuable intellectual property (IP) from a former employer
50% of respondents in a Symantec survey say they have taken information, and 40% say they will use it in their new jobs

These vulnerabilities need to be addressed as part of any insider threat management program. Click here to learn the best practices for protecting data during a termination and gain access to a downloadable IT offboarding checklist.

Conclusion

Insider threat management is not strictly a technical problem. An effective strategy combines technical solutions with administrative safeguards such as employee awareness, organizational best practices, and policy enforcement. It must also recognize the unique vectors used by negligent and malicious insiders to compromise sensitive data and manage those risks accordingly.

Need to protect sensitive data? Get a FREE Trial of CurrentWare

Dale Strickland

Dale Strickland is the Digital Marketing Manager for CurrentWare, a global provider of user activity monitoring, web filtering, and device control software. Dale’s diverse multimedia background allows him the opportunity to produce a variety of content for CurrentWare including blogs, infographics, videos, eBooks, and social media shareables.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.