Understanding Insider Threats: Insights from Gartner Symposium/ITxpo
Insider threats have become a huge problem for organizations around the world – just turn on the news and you’ll see the latest set of compromised companies dealing with the severe consequences of an insider breach: brand damage, lost customers, lost revenue, regulatory fines, employee safety... and the list goes on.
The point here is that most companies lack the expertise to identify insider threats, yet any organization with sensitive data can and likely will be affected. The good news for companies is that preventing insider threats isn’t as daunting as one might think. The technology to proactively identify threats has undergone a significant evolution, addressing previous impediments such as a lack of contextual information, an abundance of false positives and high costs.
Andy Ashmar, Manager of Insider Threat Services at Leidos, and Mark Bennett, VP of Business Development at Interset, recently presented at Gartner Symposium/ITxpo on how to stand up a program that works in a range of different scenarios using the latest user and human behavior analytics and machine learning technologies.
The key is to use data your organization already has access to in order to identify at-risk employees, so you can prevent insider threats before it’s too late. Every organization has all the data it needs – it’s a matter of working cross-functionally (HR, IT, Security, Compliance) to obtain it and then analyzing that data to determine at-risk individuals.
Highlights from the presentation include:
- The three faces of insider threat – not all insiders have malicious intent. The negligent insider jeopardizes the company through careless actions and disregard for security protocols. The exploited insider is deceived by external third parties or has their credentials compromised. And lastly, the malicious insider willfully abuses privileged access to harm the company or its employees.
- Proactive vs. Reactive Insider Threat Detection – this requires continuous monitoring, continuous evaluation of both human and IT-related behavioral indicators, and evaluation of employee attributes
- Risk Indicators – a proactive and holistic insider threat program focuses on all aspects of an employee’s behavior – both network footprint and behavioral indicators
- Bringing it all together – how UBA and machine learning technologies help proactively detect insider threats