According to a recent PwC report, “incidents attributed to hackers, competitors and other outsiders have declined. However, those attributed to insiders, such as third parties—including suppliers, consultants and contractors—and employees, have stayed about the same or increased.”
These incidents, commonly referred to as “Insider Threats,” are either intentional, as in the case of fraud and sabotage, or inadvertent, caused by human error and negligence. Regardless of the cause, they have a heavy financial impact on organizations, sometimes totalling up to $5 million.
Business leaders are becoming increasingly aware of these dangers: just listen to the news and it’s obvious that data security is a top concern of companies and individuals everywhere. In parallel, regulations are changing to require organizations to incorporate Insider Threat risks into their security programs.
How should organizations respond?
Effective solutions must protect the IT environment, proactively detect suspicious behavior, and rapidly respond to incidents as soon as they occur. A structured and proactive risk-oriented approach that incorporates the following elements is recommended.
First, a profile of each employee should be evaluated, taking into account factors such as responsibility, rank, potential access to confidential information, and the operating knowledge needed to fulfill his or her duties. With this information, organizations can benchmark the static risk associated with each user.
Second, organizations should take into account the evolution of the employee’s role and function. For example, the risk weight of an employee may change depending on whether he resigned (“a good leaver”), whether he was dismissed for disciplinary reasons (“a bad leaver”), or whether he is on vacation or on sick leave. It is also useful to know, at a given moment, whether the employee is located on premises or working from home. Adding this type of context provides the additional data needed to accurately assess the dynamic risk of each employee.
Third, organizations should develop relevant risk scenarios. For example, a bank intent on protecting customer information will focus on the various internal data exfiltration vectors: printing, cloud storage services, USB devices, etc. However, a company needing to ensure production and delivery 24/7, 365 days a year will prioritize reliability and employee productivity. The development of risk scenarios should derive from thorough risk assessments that include organizational vulnerabilities, threats, and probability of occurrence.
Finally, organizations should have in place a robust platform that can collect and integrate endpoint and end-user data so that it can be easily visualized and used for effective decision making.
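The four steps above can be sketched as a small scoring routine. This is an added example, not taken from the PwC report or any product; the weights, field names, user names and events are constructed assumptions chosen to illustrate the bank exfiltration scenario.

```python
from dataclasses import dataclass

# All weights, field names and sample records are illustrative assumptions.
STATIC_WEIGHTS = {"rank": 2, "confidential_access": 3, "operating_knowledge": 1}
STATUS_FACTOR = {"active": 2, "on_leave": 3, "good_leaver": 3, "bad_leaver": 6}
REMOTE_BONUS = 1  # added to the status factor when working from home
# Risk scenario for the bank case: internal exfiltration channels and weights.
EXFIL_SCENARIO = {"print": 1, "cloud_upload": 2, "usb_write": 2}

@dataclass
class Employee:
    name: str
    rank: int                 # 1 = junior .. 3 = executive
    confidential_access: int  # 0 = none .. 3 = broad
    operating_knowledge: int  # 0 = low .. 3 = expert
    status: str = "active"
    remote: bool = False

def static_risk(e: Employee) -> int:
    """Step 1: baseline risk from the employee profile."""
    return sum(w * getattr(e, field) for field, w in STATIC_WEIGHTS.items())

def dynamic_risk(e: Employee) -> int:
    """Step 2: scale the baseline by current context (leaver status, location)."""
    return static_risk(e) * (STATUS_FACTOR[e.status] + (REMOTE_BONUS if e.remote else 0))

def rank_users(employees, events, scenario=EXFIL_SCENARIO):
    """Steps 3-4: score scenario events per user; return (ranking, unknown users)."""
    by_name = {e.name: e for e in employees}
    scores, unknown = {}, set()
    for user, action in events:
        if action not in scenario:
            continue                      # event is outside this scenario
        if user not in by_name:
            unknown.add(user)             # no profile: surface it, do not drop it
            continue
        scores[user] = scores.get(user, 0) + scenario[action] * dynamic_risk(by_name[user])
    return sorted(scores.items(), key=lambda kv: -kv[1]), sorted(unknown)

# Constructed sample data.
EMPLOYEES = [
    Employee("alice", 3, 3, 2),
    Employee("bob", 1, 2, 1, status="bad_leaver", remote=True),
    Employee("carol", 1, 0, 1),
]
EVENTS = [("alice", "print"), ("bob", "usb_write"), ("bob", "cloud_upload"),
          ("carol", "usb_write"), ("alice", "login"), ("carol", "print"),
          ("svc-tmp", "usb_write")]
print(rank_users(EMPLOYEES, EVENTS))
```

With these assumed weights, a junior "bad leaver" copying data from home outranks an executive who prints a document, which is the effect the dynamic context is meant to produce.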
Technology solutions that use a three-phased approach of analyzing static risk, analyzing dynamic risk and building risk scenarios are rare. However, once implemented, such solutions can dramatically improve an organization’s security posture by limiting the impact of human error, rapidly detecting potential security incidents and making life harder for potentially malicious employees. In fighting this problem, organizations should take this risk management approach into account and choose the right technology solution accordingly.