Global and international
risk analyses show that the largest risk in organizations comes from insider
threats and not from external cyber-attacks. In most cases, it’s not a malicious
employee but someone who was manipulated through social engineering techniques by
another colleague or external person in order to gain insider access. Theft of
intellectual property is an increasing threat to organizations, and can go
unnoticed for months or even years.
Another common insider
theft is when employees take proprietary information when they believe they
will be, or are, searching for a new job.
Current or former
employees, contractors, or other business partners who have authorized access
to an organization's data pose one of the greatest risks. What is an
insider threat? It's the risk of misuse of access privileges to steal, leak or
destroy customer, company or employee data. So how do you actually detect
questionable actions and access abuse once a user logs in? The large
volume of data generated through normal user activities and the lack of visibility into actual user behavior
make detecting insider-based exposures of sensitive data nearly impossible.
Insider threats represent a major security blind spot where an increasing number of
today’s security incidents occur.
Addressing insider
threats requires that organizations detect abnormal user behavior and educate
their employees about protecting their accounts from being used as a
conduit for others to obtain sensitive data. Most organizations rely on system
logs from applications and devices that typically contain hundreds or thousands
of discrete events in obscure technical language, making it nearly impossible
to determine what a user actually did, let alone proactively determine if their
credentials were hijacked.
With ObserveIT’s user activity monitoring
solution you’ll know when users put your business at risk. The software
can detect and alert on application usage that indicates insider risks becoming
insider threats. ObserveIT screen scrapes all activity and indexes the
textual information on the screen, so you’ll know what’s happening in all
applications, even applications that do not generate logs. You’ll have a clear
picture, literally, of all user actions across your entire enterprise including
web apps, legacy applications, and custom or homegrown applications.
For signs of heightened insider threat you can
set up alerts and generate reports to detect abnormal behavior in how users
are interacting with important data, as well as have a visual playback of
exactly what each user did. This provides the early warning system needed to
reduce your risk and strengthen your security posture.
How to get started
For an organization to combat
(Detect, Mitigate, Prevent) insider threats, it needs to establish a
comprehensive and integrated insider threat program that is composed of
individuals from various departments, business units and supporting functions.
Because each organization is unique, the structure of the insider threat
program may be different. The end result for any insider threat program is the
identification of suspicious or malicious activities and behavioral indicators
by the insider, as these are crucial in limiting or neutralizing the potential
damage that may be caused by an insider threat.
Starting the insider threat
program is a business initiative and will require buy-in at the executive level
because it will touch almost every part of the organization, including
security, IT, HR as well as legal and privacy. Building consensus at the
executive level for all of the business units mentioned above will enable those
managing the insider threat program to have the appropriate oversight.