(Updated on 11/02/2020)
Managing insider threats requires a people-centric approach. Learn about the size of this problem and why a people-centric problem requires a people-centric solution.
The Growing Insider Threat Problem
By the numbers, insider threats are increasing. In fact, insider-driven incidents are quickly becoming one of the greatest risks that organisations face today. They are responsible for three million records stolen every day and 57% of all database breaches last year (Verizon DBIR 2019).
They are difficult to spot and persistent, too. Research also shows that the average time to spot and contain an insider threat is a massive 77 days and just 13% of incidents are caught within 30 days (forthcoming, Ponemon 2020).
With these stats on the rise, it’s no great surprise that insider threats are becoming a board-level issue. However, many organisations continue to misunderstand both the problem and the solution. Here’s what you need to know.
A People-Centric Problem
In modern business, there are many types of threats that arise which have people at the heart of them. The form of the threat can range from business email compromise to phishing to social engineering. Sources may include:
- Inbound email
- Internal email
- Cloud accounts
- Personal webmail
- External hardware
That’s just to name a few.
This wide and complex range of threats that your users are exposed to means that it's key to building a people-centric security program—one that understands how people-centric problems arise and why people-centric solutions can best mitigate them.
There are many tools on the market that claim to help teams deal with the wide range of threats that are out there. However, many of them are far more focused on data than on people, and this fundamentally miscalculates the problem. You can invest in expensive tooling and a large security team, but without context and visibility into what people are doing on and off the network, you won’t have much success.
A People-Centric Solution
The end goal? Make your users more resilient.
Many users want to do the right thing but may not have sufficient education when it comes to security best practices. Security awareness, training and education play a very important role in mitigating risks, including insider threats.
For example, if an email comes in with an address that is not recognised, how likely are your employees to notice and flag it for the security team?
Beyond better training for your insiders, it’s key to invest in security solutions that provide the necessary context and visibility to understand who was really behind an incident; what they did before, during, and after the incident and why they acted as they did.
Incidents happen. Threats arise. Rather than hoping for the best, it’s key to make a realistic plan—one that puts people at the center of your security strategy.