16 Smart Steps Toward Building A Robust Insider Threat Program


Expert Panel | Forbes.com »

Hackers on the outside aren’t the only cybersecurity concern companies need to worry about these days: Insider threats present a growing issue that businesses must address. According to a study by Ponemon Institute, the average global cost of insider threats in 2020 was $11.45 million—a 31% jump from 2018. Insider threats encompass both intentional and accidental acts, so it’s essential for companies to develop a holistic approach that combines enhanced security measures with education.

The smallest of cracks can lead to devastating consequences for a company, so it’s important to carefully consider all potential risk vectors when creating an insider threat program. To help, 16 industry experts from Forbes Technology Council have shared essential steps companies should take to build a truly robust insider threat program.

1. Start With A Caring Culture

Security starts with culture. This means talking about security openly and often, leaning in and investing to show your employees you care through training, SOC II investments and more. As team members leave the company, they need to stay connected. This can mean they retain a portion of the company or stay informed and included through e-news updates and alumni events. – Saikat Dey, Guardhat Inc.

2. Implement Zero Trust

The move beyond the company perimeter brought about by remote working, along with the increase in data breaches, renders the concept of trust extinct. That’s why businesses must implement zero trust, built on the principle of “never trust, always verify.” Implemented along with encryption to protect data at the source, zero trust will ensure that access to your organization’s data is continually verified. – Alex Cresswell, Thales Group

3. Get Buy-In From All Departments

Getting stakeholder buy-in from all departments across the organization is critical. When organizations are building an insider threat program, the HR and legal departments are often overlooked, yet they provide some of the most critical context. Safely monitoring employee behaviors starts with deciding what user data should be collected and how that data should be analyzed to detect risky anomalies in real time. – Saryu Nayyar, Gurucul

4. Approach Risk Management As A Strategic Opportunity

Historically, risk management has been viewed as necessary, but not integral, to a business’ operations. We need to think about risk management differently, treating it as a strategic opportunity to deliver bottom-line benefits. Taking a holistic approach involving the entire organization in identifying and assessing insider threats will help improve decision making and better protect assets over the long term. – Matt Kunkel, LogicGate

5. Pair Access Control With Monitoring And Detection

Security by design is the key here. An organization needs to have robust access control management along with enhanced monitoring and detection techniques in place. Applying the principles of least privileged access and separation of duties is very critical to prevent insider threats. Complement these strategies with privileged access management methods. – Lalit Ahluwalia, Wipro Limited

6. Inspect Outgoing Data

Get back to basics: Back in the day, you couldn’t leave the office without a security guard checking your briefcase. A comparable technique in the virtual world is to inspect outgoing data and messages for any suspicious content. – Arie Brish, cxo360

7. Monitor Your Most-Used Applications

Don’t overthink it. Most solutions on the market drive you down a path of overcomplicating the problem. Dip your toe in the water by monitoring activity around the main applications your workforce uses daily, such as G Suite, Microsoft 365 and Salesforce. This is the best proxy you’ll find to figure out who is really who, who is being careless, and/or who is the real threat. – Grant Wernick, Fletch

8. Automate Event Analysis

Start looking at AI-powered threat-prevention solutions. The volume of threats is just too large for any cybersecurity team to detect, prevent and respond to. With AI solutions, much of the work of event analysis is automated, easing the burden on cybersecurity teams and complementing their work to secure an organization’s data and infrastructures—especially their rapidly growing cloud infrastructures. – Juliette Rizkallah, A Cloud Guru

9. Set Up Role-Based Access Control

Role-based access control is the best defense against insider threats. It ensures individuals are not erroneously allowed access to escalated privileges. If an organization isn’t maintaining appropriate levels of critical system access—especially as distributed workplaces and the “bring your own device” culture become the norm—the threat of insider attacks will only continue to grow. – Brian Spanswick, Cohesity

10. Carefully Steward Your Data

Know your data. Audit it, sample it and inventory it on a continuing basis. Seek to deeply understand its creation/collection “origin story,” its sharing and collaboration profile, its relative sensitivity, who uses it and how, and who it’s shared with internally and externally. Know what its useful lifetime is and how best to decommission/destroy it when it’s no longer needed. – Sean Steele, Infolock

11. Record All IT Activity On Your Network

Just as security cameras inside buildings continuously record entrances and departures, companies must continuously record all of the IT activity on their network. Proven to reduce insider threats, network detection and response systems can record a year’s worth of activity using limited storage. These systems use artificial intelligence and machine learning to provide real-time surveillance without storing any personal information. – Patrick Ostiguy, Accedian

12. Map Your Data And Watch For Risky Behaviors

Map your company’s data, identifying all entry and exit points and all the employees, contractors and third parties who have access to it. From there, it comes down to training and monitoring. Reinforce existing policies—especially for employees who consistently break the rules or make mistakes—and diligently watch for the warning signs that indicate risky employee behaviors. – Edward Bishop, Tessian

13. Build An Auditable System That Logs User Actions

One essential step is building an auditable event logging solution surrounding your critical data and systems. The ability to track a user’s actions is of paramount importance; however, this will only ever be effective if the control and approval of users’ accounts and privileges follows a robust and auditable process. – Eoin Keary, Edgescan

14. Provide Ongoing Training For Those On The Front Lines

The most important step is to educate and train the individuals in your organization who face risk. Cybercriminals evolve their attacks, and employees need awareness training to help them know how to spot scams and attacks. Most employees are on the front lines; the more aware they are, the better off an insider threat program will be. Protecting against threats involves everyone taking a role in defense. – Michael Xie, Fortinet

15. Encourage Questions

Create an open culture where everyone is encouraged to learn and ask questions freely and without consequences. This allows you to educate your teammates to prevent insider threats. It also allows you to address them effectively when they occur. That is how you build a robust insider threat program. – Olga V. Mack, Parley Pro

16. Provide Support For Your Team Members

In our organization, every programmer has a mentor. They’re also engaged in regular one-on-ones to talk about life, family and other non-job-performance issues. Dehumanization goes hand in hand with hacking. – Meagan Bowman, STOPWATCH

Building A Robust Insider Threat Program
External Link: 16 Smart Steps Toward Building A Robust Insider Threat Program
