Fighting the Insider Threat: It’s All About Spotting Risk Sooner

As Backup Awareness Month rolls into its second week, we’re pushing beyond backup to show you how endpoint data collection and protection is the core of a comprehensive enterprise data security strategy.

First, the bad news

We’ve been harping on insider threat for years now. Most IT and InfoSecurity professionals know that insiders are often the biggest threat to their organization’s data security. The problem is that things aren’t getting any better. Insider threat is a growing risk in the enterprise world. Seven in 10 businesses have had a significant incident of malicious data theft in the last 12 months, according to Accenture. Verizon’s 2017 Data Breach Investigations Report found that insiders were responsible for 1 in 4 data breaches in 2016—no improvement on the previous year. Quasi-insider attacks are also accelerating: phishing and sophisticated social engineering attacks increasingly find clever ways to compromise users’ legitimate credentials—and then move silently through an organization’s digital infrastructure.

Most businesses still can’t spot insider threats—not in time, anyway

Despite knowing that insider threat is a huge problem, nearly a third of all businesses still don’t have a dedicated strategy or tools to mitigate the risk. Those that do have a program aren’t in much better shape. Only nine percent say their insider threat prevention strategy is “very effective.” Lacking good tools—or any tools—it’s no wonder that 43 percent of businesses need a month or more to even realize they’ve had an insider threat incident. The more time between the incident and detection, the greater the damage—more data leaked, less visibility into how far the breach goes and a much lower chance of reclaiming or restoring the lost information.

Now, for some good news

The obvious challenge with insider threat is separating the everyday, legitimate activities of authorized users from negligent, malicious or otherwise high-risk activities. But here’s the thing about people: they’re predictable. That means insider threats are predictable. Most insider threats follow basic archetypes, and even the outliers tend to follow patterns. For example, Deloitte found that almost all insider threat cases (97 percent) involve an employee who exhibited some form of suspect or high-risk past behavior; 92 percent were preceded by a negative work event like a reprimand, demotion or termination; and 90 percent of users responsible for data loss incidents have a history of violating IT policy.

Do you have the tools to fight insider threat?

The basic idea of insider threat prevention is pretty simple: See the patterns. Spot the risk. But the tricky part is gaining the visibility into your users’ endpoint activities. With the right tools in place, you can monitor endpoint activity, establish a baseline for what “normal” looks like and take a truly proactive and predictive approach to spotting risk and taking action quickly and definitively.

Download the Insider Threat Toolkit to learn how to spot risk sooner. Then check out the on-demand webinar, Building a Blueprint for an Insider Threat Program, to hear firsthand insights from InfoSecurity leaders.