Insider threat definitely isn’t slowing down in 2018—because it’s a human problem, and most companies aren’t getting rid of humans anytime soon. Forrester just released a playbook that gives data security leaders a starting point for improving their insider threat programs in 2018. The report lays out a clear path for moving toward smart, context-aware risk detection—without slowing users down.
Most insider threat strategies are still flawed
According to the Cybersecurity Insiders 2018 Insider Threat Report, most organizations surveyed (73 percent) say they have controls in place to detect and respond to insider threats. Unfortunately, traditional DLP is the tool most commonly used. As we’ve explained before, this is a faulty approach, as data loss prevention (DLP) software forces “all or nothing” policies and can leave valuable IP unprotected. Moreover, while 90 percent say monitoring and profiling data activity and data access is important, most companies only monitor some of the data, some of the time. And while analytics and AI are transforming other parts of digital business, only one in three companies are using analytics to monitor user data activity and movement.
Three questions every data security leader should ask
As you read the report, think about your organization’s own insider threat program and ask yourself the following questions:
- Can you protect all your data—structured and unstructured, on servers, in the cloud and on user endpoints?
- Can you see when and where that data moves, so you can pinpoint risky activity early?
- Does your insider threat detection solution give you smart alerts you can trust and use (i.e., not overwhelming you with false positives)?
If you can’t confidently answer “YES” to all three of these questions, then you absolutely need to read the new Forrester report.
Forrester’s Mitigating Insider Threats: The Security Playbook