I recently sat down with CyberBytes podcast host and co-founder of Aspiron Search Joseph Cooper to discuss the insider threat and the real risk to enterprises.
In this episode, I talk about some of the real-life investigations that the DTEX i3 team has been involved in and draw on some of the key findings from our 2023 Insider Risk Investigations Report.
Key topics covered include:
- What exactly the insider threat is and why it is so important
- The difference between insider risk and insider threat
- The motivations and reasons for the insider threat
- What enterprise executives can do to mitigate the insider threat and much more.
You can listen to the full episode, watch it below, or continue reading for a quick summary of our conversation.
CyberBytes Recap: The Insider Threat and the Real Risk to Enterprises
An insider risk results from an action a person takes that expands the company’s attack surface. An example of this is an employee who uses ChatGPT to check source code. The exported code lives in ChatGPT, and bad actors can take advantage of that information to find exploits in a target company. That’s why many companies, including Samsung, have banned ChatGPT.
Insider threats are a subset of those who handle your data, and are considered further along the Insider Threat Kill Chain (i.e. closer to exfiltration). Threats are characterized by their malicious intent. They’re the employees, vendors, or partners who plan and execute actions to steal or leak sensitive data or sabotage corporate systems.
Sometimes environmental factors might move a person from being an insider risk to an insider threat. For example, a person may need money and be willing to exfiltrate data to pay gambling debts, cover the medical care for an ailing relative, etc. Insiders may also be at risk of becoming a threat because of a disagreement that they have with their boss, disgruntlement over being passed over for a promotion, or from simply being disillusioned with the company. In an era of increased remote work where people’s behaviors and loyalty are no longer strengthened by proximity to coworkers, developing a positive work environment is critical to mitigating insider risk. People with limited bonds to an organization feel less compelled to adhere to corporate policies regarding cybersecurity.
The shift to remote work has changed the nature of security. As people work from home, there are a myriad of endpoints from which data can be exfiltrated. While DLP and blocks and locks should be a part of corporate cybersecurity programs, people will always find ways to sneak through the cracks. Companies can’t simply rely on things like Windows event logs because insider risk is a complex problem. When all you look at is a limited data set, you’re overlooking the people problem.
Today’s digital and distributed enterprises need insider risk management programs to analyze all of the behavioral data that indicates when somebody has moved from being an insider risk to an insider threat. Given most cybersecurity incidents originate from insider risk, a proactive insider risk program should sit at the core of a company’s cybersecurity strategy.
To learn more about the trends shaping the insider risk landscape, download our recently released 2023 Insider Risk Investigations Report.