As you probably know, October is National Cybersecurity Awareness Month. Following on the heels of the newly created Insider Threat Awareness Month, NCSAM is celebrating its 16th year (yes, the internet has been around that long…)
This year, the theme is Own IT. Protect IT. Secure IT. This framework is a great reminder that the responsibility for protecting data and assets is a distributed one, and we must each do our part—from individual consumer to the largest global brands.
At Proofpoint, our focus is squarely on the common and commonly overlooked Insider Threat, so this month we want to highlight how the principles of Cybersecurity Awareness Month can be applied within a business environment, where insiders bring both value and risk to the entire organisation. Let’s dive in.
Own IT: Empower & Educate Your Users
FBI Advice: Understand the devices and applications you use every day to help keep you and your information safe and secure.
The Insider Threat Take: There’s a common misconception that Insider Threats are always malicious in nature. In reality, employee and contractor mistakes cause two out of three Insider Threat incidents. This is where user education and Insider Threat awareness training can make a big difference.
Take a proactive approach to Insider Threat prevention by:
- blocking out-of-policy user activity
- providing security policy reminders
- showing users warning prompts
- blocking apps when necessary and appropriate
All of the above will help your employees and third parties understand and recognise when their behaviours are accidentally putting the company at risk (as well as preventing some intentional Insider Threats). Combined with Insider Threat awareness training, these preventative measures can easily stop the majority of Insider Threat incidents from happening at all.
Protect IT: Level Up Your Current Protections
FBI Advice: Apply additional layers of security to your devices—like multi-factor authentication—to better protect your personal information.
The Insider Threat Take: Data exfiltration is one of the most common types of Insider Threats that we see out there. A recent study from McAfee found that 61 percent of security professionals have experienced a data breach at their current companies.
Many organisations look to traditional security defenses like data loss prevention (DLP) solutions to help prevent data exfiltration. While these tools may have their place, they often fall short in detecting data exfiltration from Insider Threats. Most organisations would benefit from adding further layers of security to their Insider Threat defenses.
Specifically, organisations should adopt a dedicated Insider Threat management solution to prevent data exfiltration. An Insider Threat management platform relies on a combination of user and data activity monitoring. While DLPs focus on the data alone, user activity monitoring provides necessary context into who’s doing what, when, and why.
Secure IT: Balance Privacy and Security
FBI Advice: Be familiar with and routinely check privacy settings to help protect your privacy and limit Internet-enabled crimes.
The Insider Threat Take: Privacy matters, especially in the face of new regulations like EU GDPR. In fact, privacy and security are—and should be—joined at the hip. The need to detect suspicious user and data activity while maintaining employee privacy in the era of GDPR has actually led to a maturation of Insider Threat management as a security space.
Previously, most security tools did not offer any user anonymity features or other privacy protections. They operated on good faith that anyone accessing security data was a good guy. However, today, more and more organisations realise that Insider Threats can crop up anywhere.
As a result, security teams adopted administrative controls to meet compliance requirements like GDPR. We strongly recommend that companies anonymise all user data in their Insider Threat platform, so that initial alert triage doesn’t require knowing the user’s identity. Once it’s clear that an investigation is required, only senior analysts are permitted to view the user’s identity, and only by using secondary authentication and with an audit trail maintained.
These best practices protect users’ privacy while enabling companies to carry out necessary security investigations when an Insider Threat incident arises.
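The triage-then-reveal workflow recommended above, sketched as an added example (not code from this post or from any Proofpoint product). The class, the `senior_analyst` role name, the case ID format and the key handling are all assumptions made for illustration.

```python
import hashlib
import hmac
import time

class IdentityVault:
    """Maps real user IDs to stable pseudonyms; gates and audits every reveal."""

    def __init__(self, key: bytes):
        self._key = key            # assumption: held by the platform, never by analysts
        self._identities = {}      # pseudonym -> real user ID
        self.audit_log = []        # every reveal attempt, allowed or denied

    def pseudonymise(self, user_id: str) -> str:
        # Keyed HMAC: the same user always maps to the same token, so triage can
        # correlate alerts, but the token cannot be reversed without the key.
        digest = hmac.new(self._key, user_id.encode(), hashlib.sha256).hexdigest()
        token = "user-" + digest[:12]
        self._identities[token] = user_id
        return token

    def anonymise_alert(self, alert: dict) -> dict:
        token = self.pseudonymise(alert["user"])
        # Free-text fields (paths, command lines) often embed the username too.
        detail = alert["detail"].replace(alert["user"], token)
        return {**alert, "user": token, "detail": detail}

    def reveal(self, token: str, analyst: str, role: str,
               second_factor_ok: bool, case_id: str) -> str:
        allowed = role == "senior_analyst" and second_factor_ok and bool(case_id)
        self.audit_log.append({"ts": time.time(), "analyst": analyst, "token": token,
                               "case": case_id, "allowed": allowed})
        if not allowed:
            raise PermissionError("identity reveal denied")
        return self._identities[token]

# Constructed sample alerts, not real data.
SAMPLE_ALERTS = [
    {"user": "jdoe", "rule": "usb_copy", "detail": r"copied C:\Users\jdoe\plans.xlsx to E:"},
    {"user": "jdoe", "rule": "cloud_upload", "detail": "uploaded plans.xlsx to personal storage"},
]

if __name__ == "__main__":
    vault = IdentityVault(b"constructed-demo-key")
    for a in SAMPLE_ALERTS:
        print(vault.anonymise_alert(a))
    token = vault.pseudonymise("jdoe")
    print(vault.reveal(token, "analyst-7", "senior_analyst", True, "CASE-0001"))
    print(vault.audit_log)
```

Denied reveal attempts are written to the audit log before the exception is raised, so a refused lookup leaves the same trail as a granted one.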
Insider Threat Management as a Best Practice in 2019
The three areas of focus above are part of an overall Insider Threat management program that any large organisation should undertake as a means to reduce risk. October’s National Cybersecurity Awareness Month is a great time to evaluate your current Insider Threat capabilities, identify areas for improvement, and make a plan to continue improving your security and privacy capabilities in 2020 and beyond.