The rise and complexity of insider security incidents has seen insider risk emerge as one of the fastest growing areas of cybersecurity today. The recently released 2023 Ponemon Cost of Insider Risks Global Report by DTEX Systems found 77% of organizations have started or are planning to start an insider risk program. Nearly half (46%) plan to increase funding in insider risk management in 2024.
For partners, the urgency among public and private sectors to get “left of boom” represents a significant opportunity for product sales and services.
When it comes to insider risk management, some organizations are further along the maturity curve than others. Company size and resources allocated to an insider risk program can say a lot about a company’s insider risk capability maturity. Often, companies fall into one of three categories:
- Compliance-only focus: These organizations typically have a very small insider risk team with members from government, risk, and compliance (GRC), cybersecurity, and IT. They often lean towards traditional solutions, like data loss prevention, to meet compliance. They are less interested in real-time risk indicators.
- Basic management: These companies have realized that compliance does NOT equal security and have invested in behavioral-based tools to uplift their overall security posture. The insider risk team is usually the CISO, who will often rely on out-of-the box detections with some customization, while the SOC manages the technology.
- Mature: These companies have a cybersecurity culture that is supported by senior leadership at all levels of the organization. The insider risk team is comprised of all the core groups in the company including senior leadership, business unit managers, HR, legal, GRC, cybersecurity, and IT. These teams have outlined risky behaviors at all levels of the organization that they would like to monitor for in near real time and have a mature governance structure and approach for managing insider risks. This type of program is typically managed outside of the SOC.
DTEX and ServiceNow: Closing the Ticketing Loop in Insider Risk Management
Many of DTEX’s customers with mature insider risk programs leverage the DTEX InTERCEPT platform as their single source of truth. The core connection point for many of these customers to the SOC is achieved via ServiceNow. By leveraging ticketing within ServiceNow, they have an auditable log of all the tickets that are opened with the SOC. The tickets can be generated by DTEX and managed within ServiceNow. This powerful integration allows bi-directional updating of the tickets for closed loop management of all insider risk related issues.
By supporting the DTEX-ServiceNow integration, partners have a great opportunity to help mature their customers’ insider risk capability while elevating their professional services offering.
If you would like to learn more about how DTEX integrates with ServiceNow, please reach out for demo.