Who are organizations protecting their data from, and what are their motivations? For most people, the profiles that come to mind are a lone, malicious hacking wiz out to own corporate networks or an international cyber spy looking for highly sensitive trade secrets.
Shady actors such as these are, of course, a big source of security trouble. However, a significant threat to data protection also comes from the inside — an organization’s staff. Insider threats can take a variety of forms and affect organizations of all sizes, and it takes a multi-faceted approach to effectively combat them.
In a recent study, security analytics firm Lancope found that insider threats are a rising concern for businesses, as 40% of survey respondents called them a substantial risk for their companies. Yet, as awareness of the concern is rising, many organizations have their work cut out for them in understanding the nature of the threats and what they can do to address them.
To help organizations lay the foundation for an insider threat management approach, the U.S. Department of Homeland Security’s National Cybersecurity and Communications Integration Center (NCCIC) offers some helpful guidance. Beginning with an outline of characteristics commonly associated with threat actors, such as introversion, lack of empathy, and intolerance of criticism, the report goes on to suggest procedural and technical strategies that can be effective in reducing risks.
To advance the discussion raised by the NCCIC, lets take a look at some of their top recommendations and some considerations for making them work against insider threats:
Data access monitoring and SIEM – While certainly a component of an effective strategy, monitoring systems also needs knowledge management tools to be actionable. In the case of insider threats, establishing triggers for high-risk access behavior and mapping activity to critical data assets is important.
Identity management – Data authorization structures and controls can minimize the risk of insiders compromising sensitive data. However, an effective approach involves more than just deployment of a tool. The solution involves careful planning, expert analysis and savvy project management.
Encryption – Not all insider threats are the work of deliberate malfeasance. They can often be the effect of negligence or an employee’s compromised computer. Data encryption is particularly important for mitigating damage from these threat types, and organizations need to put in the work to clear roadblocks to effective encryption.
Training – Beyond the ongoing skill enhancement of professionals dealing with insider threat management, training for the employee population can build insider threat awareness, socialize cues to watch for and educate on best practices for handling incidents.
Lunarline has incorporated insider threat management into our cyber security products and solutions — from onsite privacy training to full-scale managed security services. Learn more about our solutions, and how they can help you by visiting us at lunarline.com or contacting us today.