Building a human-centric insider risk program has become a key priority for most federal and critical infrastructure organizations.
But how do you get started? How do you do it justice?
There are no short cuts, but thanks to a recent DTEX-hosted discussion at H-ISAC, we now have some imperative insights that can be actioned immediately.
Speaking on the topic, ‘Building a human-centric insider risk program for the early detection and prevention of data loss’, were:
Dr. Deanna Caputo: Chief Scientist of Insider Threat Research & Solutions and Senior Principal Behavioral Scientist for Insider Threat, MITRE Corporation
Scott Rossi: Senior Director – Head of IT Security Engineering, Gilead Sciences
Stewart Draper: Director of Security, AbbVie
Mohan Koo (Moderator): Co-founder and President, DTEX Systems.
This blog delves into the key takeaways for building a human-centric insider risk program.
Timestamps:
1.05: Introductions
3.03: People, processes, technology, governance (Stewart Draper)
5.45: Data: Quality over quantity
11.07: From reactive to proactive insider risk management (Scott Rossi)
16.00: Privacy
19.03: Identifying the right stakeholders for your program
21.35: The power of human behavior, and why ‘cyber first’ always fails (Dr. Deanna Caputo)
26.10: Insider threat vs insider risk
28.49: MITRE Insider Threat Framework Initiative (Dr. Deanna Caputo).
The Takeaways
The Foundation: Buy-In and Enterprise Support
The cornerstone of any successful insider risk program is securing buy-in from all levels of the organization. This isn’t merely about financial support; it extends to garnering data, having governance in place, and gaining the full backing of the entire enterprise. The four essential elements for program success are: people, processes, technology, and governance. The alignment of these elements ensures not just financial backing but also support in terms of resources, processes, and the cultural shift necessary for an impactful program.
The Importance of Quality Data
Amassing data is crucial, but drowning in excessive data can be counterproductive. Instead, focus on data quality. Data should be collected, processed, and stored in a well-structured manner. User Behavior Analytics are vital in this context, as they utilize machine learning to detect anomalies in behavior. However, the success of UBA hinges on the quality of the data fed into it. Planning, precision, and a deep understanding of the desired outcomes are necessary when dealing with data.
Addressing Human Factors
Insider risks primarily stem from human behavior, making it imperative to understand and address this aspect. Technology alone cannot fix the problem; a holistic approach is required. Organizations must recognize that insider risk is a business-wide issue, and understand that technological solutions are only effective when they are integrated into a comprehensive program focused on people’s behaviors and intentions.
Transitioning from Reactive to Proactive
A successful insider risk program should evolve from a reactive stance to a proactive one. This journey involves creating use cases that add immediate value while simultaneously building capabilities for long-term proactive risk mitigation. Identifying and developing skill sets within the existing team, focusing on behavioral indicators, and correlating data are all crucial steps in this transition.
Collaborative Engagement
The success of an insider risk program hinges on collaboration across various stakeholders. Engaging legal, HR, IT, security, privacy, and other relevant departments ensures that all perspectives are considered and aligned. Establishing documented guidelines for engagement, particularly with privacy regulations, helps to ensure smooth program implementation and gain critical support.
Redefining Insider Threat
Insider risks should not be categorized solely as malicious actions. Negligence and mistakes by employees can also create vulnerabilities that malicious actors exploit. The key is to identify vulnerabilities and create a culture of support and improvement rather than blame.
Insider Vs Outsider Threat
Insider threats differ significantly from external attacks and require a distinct framework. A collaborative effort is underway to develop an insider threat framework based on real data and case studies. Building this framework requires community involvement and transparency to address this unique challenge effectively.
Building a human-centric insider risk program demands a holistic approach that integrates people, processes, technology, and governance. By adhering to these key takeaways, organizations can create sustainable and effective insider risk programs that protect sensitive information, prevent data breaches, and ensure the overall security of their operations.
DTEX & MITRE: Accelerating FVEY Insider Risk Capability Maturity
In 2020, DTEX and MITRE partnered on the world’s largest data-driven study on insider threats to assist critical infrastructure entities across the Five Eyes. The study, Inside-R Protect, has generated a wealth of data-driven insights that are now being leveraged to develop the world’s first Insider Threat Framework.
For more information or to discuss your interest in Inside-R Protect or the Insider Threat Framework, request a confidential briefing.