Insider threats and compliance risks are persistent challenges for many businesses. That is especially the case for companies that operate in highly regulated industries and store a lot of sensitive data. In 2022, the annual cost of an insider threat reached $15.4 million. Compare that to the annual cost of a data breach, which topped $4.45 million in 2023. In the financial services industry, these losses topped $21.3 million and $6.4 million, respectively.
With stakes this high, it is little wonder that nearly two-thirds of compliance leaders surveyed in 2021 expected to spend more time and resources on managing risks in the future. But knowing that you need more resources is different from knowing what tools you need to implement and where.
Businesses need more than one solution to protect their users, mitigate risks, and protect their sensitive data. And at the same time, they also need to enable seamless yet stringent compliance. No single department can manage all these tasks alone.
Instead, security, compliance, privacy, legal, and human resources (HR) teams must work together. They also need to combine the capabilities of complementary technologies like:
- Proofpoint Insider Threat Management (ITM)
- Proofpoint Archive
- Proofpoint Supervision
This is how departments can become more efficient and effective. That goes for their efforts to detect and prevent insider threats, stay on top of their compliance risks, and enhance the security of the business.
In this blog post, we’ll look at three use cases that show the benefits of this approach.
3 Complementary technologies
Before we discuss the use cases, here’s an overview of each solution.
Proofpoint ITM
Around a third of data breaches are driven by insiders. If you want to effectively defend against insider threats, you need an ITM solution. Proofpoint ITM correlates user activity and data movement. It can quickly find suspicious behaviour and detect insider-led incidents. Security teams can use ITM to monitor all manner of user activities. This includes application use and website visits as well as file movement and file changes like renaming.
The visibility you gain with our ITM solution can help you minimise the time that is needed to detect and prevent insider incidents. It also helps you reduce human risk and minimise financial consequences and brand damage.
Proofpoint Supervision
Proofpoint Supervision uses deep insights and machine learning to monitor digital communications and ensure compliance. When there are potential regulatory, legal, compliance, HR, and reputational risks, it can flag them so that they don’t become serious issues.
Security teams can view all the risk data in a single dashboard. This includes how often a user violates policies as well as companywide trends. Real-time alerts can notify your compliance teams when queue thresholds are exceeded. All review activities are fully audited. Plus, it is easy to export the activity history into an industry-standard format for reporting.
Proofpoint Archive and Proofpoint Discover
These two solutions can help you to meet your long-term corporate and regulatory information retention requirements.
Proofpoint Archive gives you everything that you need for basic e-discovery. This includes real-time search and hold, and export capabilities. It simplifies legal discovery, regulatory compliance, and long-term data access. Archive has a central, searchable repository. This repository supports a wide range of content types from various sources. And it has easy search, discovery and supervisory review.
Proofpoint Discover gives you fast access to actionable insights. Its capabilities include:
- Advanced visualisation tools
- Technology-assisted review
- Case management
- Conversation threading
With Archive and Discover, you can be confident that your critical data is secure in a cloud-native archive that is compliant and easy to access.
Our solutions in action – 3 examples
ITM, Archive and Supervision are effective as stand-alone solutions. But they are most effective when you use their insights together to enhance and accelerate investigations.
When you combine these solutions with other controls and training programmes, your teams can be more proactive in how they monitor and respond to various insider-led scenarios. We have outlined three common use cases below. They highlight the synergies and benefits of using these solutions together.
Use case 1: Insider trading
The unauthorised use of company data is a major concern for any business. It is even more worrisome for a company that stores and processes massive amounts of sensitive data and intellectual property and needs to meet stringent compliance requirements.
Whether it is research and development, company financials, or merger and acquisition details, businesses must tread the line between allowing the right employees to access the right data and stopping accidental or malicious misuse and loss of data.
The scenario
An employee downloads a file from the corporate repository. The file has sensitive data that is related to a potential acquisition. The employee changes the name of the file to “Holiday Pictures” and uploads it to their personal cloud account.
The solution
- Proofpoint ITM detects the exfiltration of sensitive data and triggers alerts based on keywords.
- The employee’s activities – file download, rename, and upload – are tracked. This data is retained for further investigation.
- Proofpoint Supervision detects a potential insider trading ring that is discussing acquisition activity.
- All communication between the relevant parties is analysed and retained for the security teams to review.
- The “Network with List” visualisation in Proofpoint Discover highlights further communication connections that would not otherwise have been identified.
Use case 2: Employee harassment
A defence-in-depth strategy can help you to protect your people from cyberthreats. It can also help you to find and solve issues in the workplace. This includes abuse and harassment.
Cybersecurity tools can help to monitor user behaviour and analyse communication. This makes them highly effective tools for exposing toxic work environments, investigating grievances, and supporting claims of mistreatment.
The scenario
The HR team contacts the legal team because they need help looking into a possible case of employee harassment, which was detected by Proofpoint Supervision. Initial investigations are inconclusive. And the teams are unable to build a solid case. They need more context and visibility into staff communications. So, they turn to the security team to get more insights into the potentially risky behaviour.
The solution
- The security team uses Proofpoint ITM search functions and filters to hunt for related threats.
- With timeline views, it maps a full picture of the event and its broader context. This provides insight into what happened before, during, and after the incident.
- Screenshots provide forensic evidence.
- The security team presents the user information back to legal and HR. It is delivered in an easily digestible visual report that ensures anyone who looks at it can interpret it quickly. This speeds resolution.
Use case 3: Employee departure
Eighty-two percent of the CISOs who were surveyed for the 2024 Voice of the CISO report from Proofpoint said that a departing employee had played a role in a data loss event. Employers have little recourse over ex-employees. That makes the chances incredibly slim that employers can find and recover their data once it is out the door.
However, there is a lot you can do to detect risky departing employees while they are still working for you. These employees will often provide clues about their intentions in their communications and behaviour.
Advanced monitoring and investigation can help you spot the signs of potential data loss and risky behaviour – before it is too late.
The scenario
An employee sends a message saying that they’re about to resign and take on a new role at a competitor.
The solution
- The message is detected in a supervisory review. It is forwarded to the security team so that they can investigate further.
- The employee is added to a watchlist. All their messages and activities are monitored until they leave the company.
- Detection and prevention rules are implemented to block sensitive data exfiltration and other high-risk behaviours.
Stronger together
Today, risks are greater than ever. The modern way of working, cloud adoption, and high employee turnover mean data loss and compliance violations are much more likely. This is especially true for financial services businesses.
To protect themselves, companies need visibility into risky behaviour and compliance issues. It’s visibility that enables various stakeholders to work together effectively. And this, in turn, speeds up investigations and helps everyone respond appropriately.
Combining insights from Proofpoint ITM and Intelligent Compliance helps security and compliance professionals to gain the context that they need to protect the business from insider-led data loss, fraud and other illegal activities. At the same time, they can ensure compliance with corporate policies and regulatory mandates.
Security, compliance and employee wellbeing are not jobs for one department to manage. They are responsibilities for everyone. When departments work together, they can support each other’s objectives, increase the efficiency of their processes, and create a more supportive and security-conscious culture across the board.