Keeping Up with Insider Risk Management in an Ever-Changing Landscape
When you hire and train a new employee, you’re putting a certain amount of trust in that person. The fact is, a minimum amount of access to sensitive information like customer data and company information is necessary for your teams to do their work. How do you strike a balance between access to and protection of that information?
In the new book, Insider Risk Management: Adapting to the Evolving Security Landscape, Shawn M. Thompson discusses the threat a business’s trusted employees pose to their organizations. Sometimes unintentional, sometimes deliberate, insiders are responsible for a large number of cybersecurity events seen today. Using his deep experience in investigating and managing insider threats, Thompson advises businesses on how to reduce insider risk and keep their networks safe from information leaks.
Understanding the risk
The first step toward reducing insider risk is understanding the full scope of the problem. Thompson provides an in-depth look at the many issues businesses today face. He introduces the problem of insider threat and suggests proven solutions to help leaders take the next steps to prevent and manage it. His book divides the discussion into three major sections:
- The Problem—Although insider threat risks have grown, many organizations have done little to protect against them, let alone identify the issue. Thompson describes the risks businesses face and indicates the team members who can prove invaluable in supporting an ongoing risk management strategy.
- The Context—In this section, Thompson looks at the full scope of the dangers insider threats pose. He describes the many personas associated with data breaches, including careless employees, conscientious objectors, disgruntled workers, and thieves.
- The Solution—Although there’s no one solution to insider risk, Thompson outlines the many things businesses can do to develop and deploy a full-scale risk management plan. Those include actions like training and awareness, ongoing monitoring, and oversight and compliance.
Why insider risk management matters
While malware is the most likely cause of a security breach, insider threats follow close behind, with careless employees being the second most likely cause. Intentional internal attacks are also a reason for concern, with employers reporting that 30 percent of security events in the past 12 months was a result of staff deliberately working against them.
More alarming, though, is the fact that when insiders do compromise security, they cause serious damage. According to the CERT Insider Threat Center, employees cause double the damage external threats cause when they do strike. By focusing primarily on outside threats, companies could be leaving themselves open for even more damage than they would have suffered from an external hacker.
These statistics highlight the growing importance of protecting against internal threats. As it stands, many organizations aren’t prepared to manage insider incidents, let alone equipped to prevent them from happening in the first place. By first understanding the threats that exist within your network firewalls, your organization can create a risk management plan that keeps you safe.
Finding the solution
There are multiple stages involved in preparing a successful insider risk management solution, starting with writing a plan. This starts with first assessing your existing resources and determining how they’ll be put to use to educate, monitor, analyze, and investigate any issues within your network. Those include any software you have in place, as well as the personnel who can serve as your insider risk team.
As insider risks have become a serious threat for businesses, technology is evolving to accurately predict when threats are likely to escalate. Certain employee behaviors may indicate that someone may be terminating employment soon and potentially exfiltrating IP and proprietary information, which can put the business at risk. Software that monitors for these changes will alert your team to help keep a closer eye on those risks.
Thompson also details the elements involved in protecting businesses against insider threats, including what professionals can do before, during, and at the end of employment to reduce the risk of a security breach. These guidelines can be the first important step toward protecting your business against the insider threats you face every day.
Insider Risk Management: Adapting to the Evolving Security Landscape is packed with information that can help you develop an insider risk management strategy. Download your copy today to start protecting your business.
The New CISO Podcast: Management Tools
Exabeam News Wrap-up – Week of June 13, 2022
Exabeam in Action: Stopping Lapsus$ in Their Tracks
Ransomware: Bigger, Better, and Still Going Strong
Subscribe today and we'll send our latest blog posts right to your inbox, so you can stay ahead of the cybercriminals and defend your organization.
See a world-class SIEM solution in action
Most reported breaches involved lost or stolen credentials. How can you keep pace?
Exabeam delivers SOC teams industry-leading analytics, patented anomaly detection, and Smart Timelines to help teams pinpoint the actions that lead to exploits.
Whether you need a SIEM replacement, a legacy SIEM modernization with XDR, Exabeam offers advanced, modular, and cloud-delivered TDIR.
Get a demo today!