Insider risk is any user-driven data exposure event, whether malicious, negligent, or accidental in nature. As insider risk grows, the standards for security teams today are edging on impossible: You're expected to have comprehensive visibility and context around risk in your environment. You're asked to act with lightning speed and 100% conviction — but also show careful sensitivity to employee privacy. And of course, you can't slow down productivity or impede collaboration. Your strategies and actions need to fit with corporate cultures that prioritize openness and collaboration.
Security Teams Don't Have the Tools They Need to Manage Insider Risk
Here’s the thing: When we talk to peers in the field, they tell us these expectations aren’t the problem; it’s the tools. Most organizations are still using conventional data security tools like data loss prevention (DLP), cloud access security broker (CASB), and user and entity behavior analytics (UEBA) — complex tools that focus on blocking and rely on painstaking data classification and policy management. And this approach just isn't keeping up. A whopping 74% of companies that have experienced a data breach caused by insiders already had a data protection solution like DLP or CASB in place. So, what does a better solution for insider risk look like?
Is It Effective?
The first, most obvious criterion is: Does it do what you want it to do? That depends on who you're talking about, because effectiveness means one thing to security teams (those tasked with managing insider risk) and often something very different to end users and business leaders.
Is It Focused?
Seeing everything is powerful, and it's absolutely essential to understanding and mitigating insider risk. But seeing everything — unfiltered — is also overwhelming. Security teams need a clear signal of risk to act effectively. That means they need a solution that is smart enough to recognize what is trusted versus untrusted activity and tune out the deafening noise of harmless everyday activity — so they don't get buried in alerts and plagued with alert fatigue. They need a solution that prioritizes risk based on what the business does and does not tolerate in order to understand the nuance of each insider risk event.
Is It Fast?
What about speed? Time is money with insider risk. We're talking about sensitive data and valuable IP getting exposed. The longer it takes to respond, the higher the likelihood of serious impacts — legal costs to recover data, lost competitive advantage, and reputation damage echoing long into the future. So, a solution that's effective and focused isn't worth much unless it enables a security team to act fast — with conviction — to mitigate insider risks. Insider risk is growing, and managing it is vital to security teams, to governance, risk, and compliance (GRC) teams, and to the broader organization.
Discover a new approach to Insider Risk Management at http://code42.com/showme.
About the Author
Mark Wojtasiak is co-author of the book Inside Jobs: Why Insider Risk is the Biggest Cyber Threat You Can't Ignore, vice president of portfolio marketing for Code42, and frequent cybersecurity blog contributor. In his role at Code42, he leads the market research, competitive intelligence, and product marketing teams. Mark joined Code42, a leader in insider risk detection and response, in 2016, bringing more than 20 years of B2B data storage, cloud, and data security experience with him, including several roles in marketing and product management at Seagate.