In last week’s blog I explained what Insider Threats were, and why organizations should be taking the risk that they pose seriously. This week I’ll be explaining how the organization should approach the issue of insider threat and how you can take the first steps to assessing your level of Insider Threat preparedness.
First and foremost, it’s important to talk about who is responsible for identifying an insider threat – and no, the answer isn’t ‘the cybersecurity team. Combating insider threat is not the exclusive responsibility of the IT department or security team, instead there needs to be an agreement across cross functional business units including:
Physical security is important for preventing access to an organization’s secure areas where sensitive data may reside. In one instance reported by the Certified Insider Threat Center at Carnegie Mellon University, a contract programmer tricked a janitor into unlocking another employee's office after hours. He switched the door's name plate and requested that the janitor let him into "his" office. The programmer, who had already obtained employment with a competitor, was able to download sensitive source code onto removable media.1
Legal teams should take responsibility for ensuring the organization manages insider risk in a legally defensible manner that considers laws and regulations such as GDPR.
Human Resources is arguably one of the most important departments in the cross-departmental combat of insider threats. Ultimately there is a human element in every single breach – whether it’s a discontent employee intending to profit from or damage their employer or an accidental click on a phishing email. The HR team can play a role in implementing security training policies, onboarding, tracking terminated employees and providing a watchlist of employees who meet certain behavioral indicators.
Senior management plays an important role when it comes to enforcing company policies as well as reinforcing a positive working culture.
Organizations need to plan ahead to help identify and protect their data and as you can see from the above responsibilities, best practice for combating insider threats is not only technology driven but also process driven, and it’s important that organizations have these processes in place to help prevent and identify insider threat incident from occurring.
Assessing your preparedness
So, let’s look at how organizations can assess their level of insider threat preparedness. I’ve pulled together a top-level check-list of areas that should be considered in order to build a robust insider threat program. If you struggle to tick any of these boxes, then it’s probably a good time to start implementing some change.
The 4 control areas listed are not intended to be used for compliance purposes, but to assist organizations in improving their security posture against an insider threat. Most organizations will find that several insider threat protections controls also align with other frameworks and regulations, of which they already comply.
Check back for my blog next week as we dive into the technology and features that can help mitigate the risk of insider threat.