In many instances, information security professionals allocate significant time and resources to protect an organization against malware, ransomware and other external threats. This approach has been the staple of information security for many years. As a result, insider threats are major problems that often go undetected within organizations large and small around the world. At the 2018 Information Security Leadership Forum in Atlanta on April 5, Mayank Choudhary, Vice President of Products at ObserveIT, examined the key tenets of a successful insider threat program.
Today’s information security professionals are using artificial intelligence (AI), machine learning and other state-of-the-art technologies to alleviate cybersecurity issues. However, these technologies offer no guarantees, particularly when it comes to addressing both internal and external threats.
“Security is an ivory castle, and you have to protect that castle with many, many technologies,” Choudhary said. “But the fundamental concept of that castle is based on a core thought … that anybody outside the castle is bad, and everybody inside the castle is assumed to be good.”
Information security professionals need to look beyond the walls of the castle when it comes to cybersecurity. By creating an effective insider threat program, information security professionals can help a business respond to cyberattacks from both inside and outside its network.
Insider threats may arise due to a lack of cybersecurity education and training across a workforce. If employees are susceptible to phishing emails, for example, they risk downloading malicious files that can infect a company’s network. And in this scenario, even a single employee could put an entire organization’s sensitive data in danger.
Organizations sometimes ignore cybersecurity training programs, and doing so can be problematic. These organizations miss out on opportunities to teach workers how to identify and resolve cyberattacks before they escalate.
If information security professionals prioritize data loss prevention (DLP), they may be able to discover innovative ways to safeguard a company’s sensitive information. Perhaps best of all, information security professionals can use DLP technologies to ensure only authorized business users can access critical data. This may help a company limit the risk of costly, time-intensive data breaches that otherwise could damage a business’s brand reputation and revenues.
“The biggest asset is not just your data. It’s the people who are accessing that data,” Choudhary pointed out.
Although DLP technologies are valuable, they provide only a portion of the security that a business needs to safeguard all of its sensitive information, at all times.
“It takes an average non-technical person less than 2 seconds to bypass a DLP system,” Choudhary indicated. “You have to think through what purpose a DLP technology is resolving … because the problem is there, but the technology has not resolved it effectively.”
Ultimately, an insider threat program requires information security professionals to prioritize people, processes and technologies. This program also requires buy-in across an organization to ensure all employees – regardless of role or department – can work together to help a company address cyber threats.
Choudhary recommended information security professionals create insider threat teams within their respective organizations. These teams can help a business identify insider threats and determine the best ways to resolve these dangers as quickly as possible.
Furthermore, information security professionals must develop a plan that includes steps to mitigate insider threats. This plan may need to be updated periodically, and it can help an organization keep pace with a rapidly evolving cyber threat landscape. Information security professionals should develop an integrated insider threat hub, too. This hub may include tools and resources designed to empower workers with the insights they need to address cyberattacks.
A holistic approach to building an insider threat program can make a world of difference for information security professionals as well. This approach requires information security professionals to consider a business, its employees and its customers. Then, information security professionals can develop an effective insider threat program that accounts for key stakeholders. And as a result, information security professionals can use this program to ensure a company is better equipped than ever before to resolve insider threats.
“As you build an insider threat program, you have to think holistically,” Choudhary stated. “If you only look at your insider threat program from a security perspective, you will never have success.”