We’ve heard varying stories from our customers of how they focus on preventing and detecting Insider Threats in their environment. For some, especially those in Financial Services, Insider Threat is an openly discussed topic, one that executives and board members are well aware of; they want to know that you’re protecting the organization from the misdeeds of insiders. Other customers, from less traditional, more ‘Internet-based’ organizations, tell us that openly discussing Insider Threat is a delicate subject, where it may seem ‘impolite’ or repressive to speak in a disparaging manner about their employees or partners. Our viewpoint on Insider Threat is that whether your organization openly welcomes the discussion or not, the threat of data breach incidents from malicious insiders is real, and you need to know when, where and how these incidents are occurring, and to deal with them immediately.
We’ve learned from the most recent Verizon Data Breach Incident Report that more than a third of data breaches were perpetrated by a malicious insider, and that the cost per incident is averaging $412K. Insider attacks are often the most costly information security incidents for any organization. Whether the style of your organization is to discuss and work out these types of issues in the open or in a more confidential manner, the threat is real, and it is critical to detect insider threats early and to speed up your response time to real incidents.
It’s never easy to discover that a trusted employee, contractor or business partner is betraying the trust that they’ve been afforded. No organization is happy to discover that valued and trusted insiders have intentions which can be described as malicious, fraudulent, industrial or national espionage, theft of intellectual property or even sabotage. It may be difficult to comprehend and digest inside your organization, and yet it’s still your responsibility to discover, eliminate and deter this behavior. Also, consider the thought that the risky behavior or malicious activity taking place may be perpetrated by an outsider who has somehow gained access to a valued insider’s identity, especially an insider’s account with elevated systems or access privileges. Think of the Edward Snowden case as an extreme example of this behavior and another reason that organizations need to analyze insider user behavior and their use or abuse of access privileges.
How to deal with this? It’s critical that you have information immediately at hand that detects patterns of behavior and provides visibility into network activities that point to indicators of risk. Early detection aids directly in your ability to respond to and deal with real incidents. You may already have a collection of tools in place that are designed to protect your organization from external threats. You may have terabytes or petabytes of log information that you are struggling to make sense of. Maybe a SIEM is being used to collect and help analyze security incidents and events. Yet, how well are these traditional tools helping you to make sense of non-rule-based or non-signature-based threats?
Traditional security tools are not equipped to detect advanced attack scenarios. What’s needed is a new way to examine the vast amount of insider user behavior through advanced tools. User behavior analytics can provide the insight and level of intelligence required to discover, investigate, and remediate real incidents. The power of advanced user behavior analytics, delivered through a combination of machine learning algorithms, easy-to-use investigative tools and scalable big data Hadoop backends, will provide the analytical power and security risk intelligence required by your security analysts to protect your organization.
Optimize the use of your valuable time and energy and utilize advanced access intelligence and analytics to detect, contain and deter insider threats. Invest in security threat intelligence solutions that deliver a 360° view of identity, access and activity profile information, user behavior analytics, and self-learning continuous anomaly detection.
And be certain to both love and continuously assess the behavioral risk of your most valuable organizational asset: your people.