How to protect against the threat within

Insider threats are extremely common in today’s operating environment. Preventing them requires a combination of updated processes and new technology

Richard Agnew
By Richard Agnew on 19 February 2020
How to protect against the threat within

Over a third (38%) of information security leaders admit that their company suffered a breach of intellectual property in the last 18 months, according to Code42’s 2019 Data Exposure Report. Why is insider threat still so prevalent today? 

First, files are widespread in organisations and they’re highly portable. This is because CEOs and IT departments have put in cloud-based tools like Slack, Office365 and G Suite to make it easier for users to share files and collaborate with peers.

At the same time, too many companies today have a gap in their data security technology stack. How so? Over two-thirds (69%) of organisations say they were breached due to an insider threat and confirm they had a traditional data loss prevention solution in place. To better manage insider threat, companies need a combination of updated processes and new technology.

On the process side, there are a number of fundamentals that must be ticked off. First, be transparent. Tell your users about your insider threat programme. This alone will deter far more internal risks to data than a covert programme will.

Second, display a login banner that reminds users they are accessing a private computing facility. Here you should define, share and regularly reinforce your data use and ownership protocols. This is critical as nearly three-quarters of knowledge workers feel entitled to their work.

Next, it’s important to hold regular security awareness and training sessions to reinforce the right behaviours.

Finally, put in place a process for protecting against data exfiltration during off-boarding. All people who leave an organisation should be reviewed to ensure they have not taken critical company data. If organisations aren’t collecting their data, a valuable asset, it’s an outright miss.

Once these fundamentals are in order, turn to technology. Put in new insider threat technology that detects anomalous file movements across cloud and non-cloud vectors so that both malicious and unintentional actions can be investigated. Importantly, the technology must not inhibit file sharing and collaboration.

When you’re buying a product for an insider threat programme, think about a holistic product, not just a point solution. Look for an insider threat solution, like Code42, that allows you to detect, investigate and respond to internal data threats across endpoint, cloud and email vectors. 

Without a combination of processes and technology in place, you might as well watch your trade secrets fly out of the door. Now with Code42, information security teams can rapidly mitigate data loss, leak, and theft, and protect their business effectively from the threat within.    

Richard Agnew is vice president of EMEA at Code42

This article was originally published in the Winter 2019 issue of The Record. Subscribe for FREE here to get the next issues delivered directly to your inbox.

Number of views (1311)/Comments (-)

Comments are only visible to subscribers.

Theme picker