We’ve heard varying stories from our customers of how they focus on preventing and detecting Insider Threats in their environment. For some, especially those in Financial Services, the malicious Insider Threat is a hot topic: one that executives and board members are well aware of, and that they want to know you’re protecting the organization from. Other customers, from less traditional, more ‘Internet-based’ organizations, tell us that openly discussing Insider Threat is a delicate subject, where it may seem ‘impolite’ or repressive to speak in a disparaging manner about their employees or partners. Our viewpoint on Insider Threat is that whether your organization openly welcomes the discussion or not, the threat of data breach incidents from malicious insiders is real, and you need to know when, where and how these incidents are occurring, and to deal with them immediately.
1/3 of Data Breaches Perpetrated by a Malicious Insider
The most recent Verizon Data Breach Incident Report states that more than a third of data breaches are by a malicious insider, and that the cost per incident is averaging $412K. Insider attacks are often the most costly information security incidents to any organization. Whether the style of your organization is to discuss and work these types of issues out in the open, or in a more confidential manner, the threat is real, and it is critical to detect insider threats early and to speed up your response time to real incidents.
It’s never easy to discover that an employee is betraying the trust that they’ve been afforded. No organization is happy to discover that insiders have malicious intentions. It may be difficult to comprehend and digest, yet it’s still your responsibility to eliminate that behavior. Also, consider that the risky or malicious insider activity taking place may be perpetrated by an outsider: someone who has somehow gained access to a valued insider’s identity with access privileges. Think of the Edward Snowden case as an extreme example of this behavior. It’s another reason that organizations need to analyze insider user behavior and their use or abuse of access privileges.
How to deal with this?
It’s critical that you have information immediately at hand that detects patterns of behavior and provides visibility into network activities that point to indicators of risk. Early detection aids directly in your ability to respond to and deal with real incidents. You may have a collection of tools in place to protect your organization from external threats. You may have terabytes or petabytes of log information that you are struggling to make sense of. Maybe a SIEM is in use to collect and help analyze security incidents and events. But how well are these traditional tools helping you to make sense of non-rule-based or non-signature-based threats?
Traditional security tools are not equipped to detect advanced attack scenarios. What’s needed is a new way to examine the vast amount of insider user behavior through advanced tools. User behavior analytics can provide the insight and level of intelligence required to discover, investigate, and remediate real incidents. Advanced user behavior analytics is delivered via machine learning algorithms, investigative tools and scalable big data. Hadoop backends provide the analytical power and security risk intelligence required to protect your organization.
Optimize the use of your valuable time and energy and utilize advanced access intelligence and analytics to detect, contain and deter malicious insider threats. Invest in security threat intelligence solutions that deliver a 360° view of identity and user behavior analytics.
And, be certain to both love and continuously assess the behavioral risk of your most valuable organizational asset, your people.