Insider threats are an area of cybersecurity that the team here at Proofpoint takes very seriously. Since joining the company in October 2020, I've been eager to see how Gartner would cover this challenging segment of the cybersecurity market. In the recently published 2020 Market Guide for Insider Risk Management Solutions, Gartner provides actionable guidance for organizations on how these solutions can align with their security programs.
While this market's origins were in employee monitoring, Gartner appears to have made a very deliberate choice to cover insider risk as a multidisciplinary topic. Before getting into some of my thoughts on the latest Market Guide, I wanted to take a moment to congratulate the Gartner analysts on publishing a great piece of research that I'm sure will evolve further and help both vendors and end users make sense of this emerging market.
Following are my thoughts on the Market Guide.
The use of "Insider Risk" in the Market Guide title is on point
I could not agree more with this approach. Insider risk is a superset of insider threats, and Gartner smartly calls out that "the modern risk landscape stretches beyond technical abuse to include theft of proprietary information, creation of false invoices or spurious payroll entries, and other acts of digital embezzlement." Simply put, throwing products at the problem without a supporting program, or merely layering context onto your legacy data loss prevention (DLP) program is not the answer.
Gartner defines the term as follows: "An insider threat is a malicious, careless or negligent threat to an organization that comes from people within the organization — such as employees, former employees, contractors or business associates — who have inside information concerning the organization's security practices, data and computer systems." We believe this maps very closely to Proofpoint's view of users as negligent, malicious, or compromised. Looking only at data events, without the added insight into which type of threat actor is involved, is neither optimal nor efficient for an insider threat program.
The new Ponemon Institute study, Insider Threats Lead to Big Losses and Significant Costs, is referenced in the report
The 2020 Ponemon Institute Cost of Insider Threats Report is a great source of primary research. It can provide the supporting metrics you need to build the case for your organization's insider risk management program.
I recently recorded a podcast with Dr. Larry Ponemon to discuss another great report, Analyzing the Economic Benefits of Proofpoint Insider Threat Management. Together, these two reports should be foundational in establishing the economic justification for your program and in soliciting internal support for insider risk management within your organization.
Successful insider risk management brings technology silos together
Gartner calls out a few of these areas in its Market Guide, including social media compliance, cloud service usage monitoring, mobile monitoring, and information governance platforms. In the current "work-from-anywhere, data is everywhere" world in which we live, point technologies and separate programs will need to be brought together so that insider risk is managed in a holistic and meaningful way.
It takes a proverbial village to be successful with insider risk
The recommendations in the Gartner Market Guide are actionable. They cover consensus-building with legal, human resources, privacy and risk management teams, and most importantly, how to develop a proper business case.
Every organization needs to understand the "monitoring versus surveillance" paradigm and how its technical controls could work with, or contradict, its existing security programs and policies.
Read the Gartner Market Guide for Insider Risk Management Solutions to learn more. The report is available for download on the Gartner website.