With insider risk rising and becoming increasingly expensive, it’s becoming more incumbent on companies to figure out how they want to tackle it. Historically, one approach has been to use Data Loss Prevention (DLP) technologies.
As far as cybersecurity tools go, DLP is mature, but its limitations are becoming more evident. According to Gartner, “traditional approaches to DLP rely heavily on content inspection capabilities that are resource-intensive and often lead to performance issues with high numbers of false positives.”
DLP systems can also be overly restrictive, primarily because organizations want to make sure they capture any possible data leakage. This can frustrate non-malicious employees who are trying to do their jobs by accessing and sharing data for legitimate business purposes. DLP can also be easy to outsmart by both malicious and non-malicious insiders. Even an employee with limited tech skills can use an ordinary cell phone to capture sensitive data. They’re also reactive, spotting problems only after an incident has occurred.
Gartner® Market Guide for Data Loss Prevention suggests a better way of managing insider risks. Gartner recommends investing in a solution “that offers comprehensive and adaptive data protection techniques, including both content and contextual inspection capabilities with a focus on identifying and managing insider risks.”
Insider Risk Management | Why Context is King
Insider risk is incredibly costly. Ponemon Institute’s 2023 Cost of Insider Risks Global Report shows the average annual cost of an insider risk incident is $16.2M. This does not include the collateral financial damage, which can exceed millions of dollars. The challenge with traditional DLP systems is that they neglect to address the root cause of insider risks. Instead, they focus on data at rest and in motion, when what they should be focused on is what creates risk in the first instance. That is, how people use or misuse data.
Behavioral DLP takes traditional DLP to the next level, affording the context that’s needed to identify and mitigate risk when it rears its head.
Gartner says that “Behavioral-based DLP vendors can analyze user activities, communication patterns and other contextual information to detect deviations from normal behavior.”
Examples include:
- Working longer than normal work hours for no apparent reason
- Impossible travel (accessing the network from Seattle and Singapore within two hours), or
- Frequent attempts to access information that’s outside of the scope of a person’s job.
All these behavioral clues that might slip past a traditional DLP solution would trigger an investigation from an insider risk program appropriately focused on people’s behaviors.
Currently, companies only spend about 10% of their cybersecurity budgets on insider risk, but our 2023 Ponemon Cost of Insider Risks Global Report shows that nearly half (46%) of all organizations realize that this is not enough and plan to increase their spending on insider risk programs. The report also shows that 77% of organizations have started or are planning to start an insider risk program. Clearly, companies are heeding Gartner’s message that traditional DLP is not enough.
DTEX InTERCEPT | Behavioral DLP for Risk-Adaptive Protection
DTEX InTERCEPT for behavioral DLP demystifies the context and intent of human behaviors without violating the trust and privacy of employees. Alert stacking and activity scoring algorithms accurately detect deviations that precede data loss events and prevent data loss resulting from compromised, malicious and negligent behaviors.
To learn more about InTERCEPT for behavioral DLP and insider risk management, request a demo.
To learn more about how DLP is evolving to enable proactive insider risk management, download Gartner® Market Guide for Data Loss Prevention.