Join our panel during Black Hat 2024 – Blurred Lines: Investigating the Convergence of Internal and External Threats



Insider Risk Insights - DTEX Blog

Insider Risk Resolution: A Decision Tree Framework

Insider Risk Resolution A Decision Tree Framework

Data loss from employees is an increasing concern for enterprise organizations and federal entities. Findings from the DTEX i3 2023 Insider Risk Investigations Report show that departing employees don’t leave empty handed, with 12% taking sensitive IP with them.

The number of insider incidents is also on the rise; our i3 Team conducted almost 700 investigations involving data theft from departing employees in 2022, up from 350 in 2021.

There is no doubt this figure will continue to increase, adding workloads to already time-poor analysts and security teams. That insider risks come in many forms adds another layer of complexity. Not all insider risks are created equal and, when it comes to insider risk resolution, a one-size-fits-all approach won’t cut it.

Having a holistic insider program that enables automated resolution in proportion to the level of risk posed is critical to stopping insider risks from becoming insider threats.

Understanding the types of insider risks and what questions to ask can enable analysts and security teams to choose the best course of resolution to proactively mitigate risk, while maintaining a trusted workforce.

Insider Risk Resolution: Proportionality is Key

The way insider risks are addressed can have a direct impact on whether that risk turns into a threat – whether malicious or not. As an example, penalizing a non-malicious, well-to-do employee for making a genuine mistake is more likely to make them disengaged than motivated to follow compliance. And, as our research shows, employee disengagement is a unique risk indicator for data loss.

In this use case, a better approach would be to course correct through training and awareness in a way that motivates them to support risk mitigation efforts.

When it comes to insider risk resolution and mitigation, the organization is not a bystander. A proportionate approach to training versus enforcement is key to stopping insider risks from becoming insider threats.

DTEX i3 Insider Risk Resolution Decision Tree

Trust forms the bedrock of any insider risk mitigation effort. Organizations must foster and work to maintain a trusted workforce from the top down. In practice, this means making employees feel part of the solution toward protecting data – and giving them the tools and incentive not only to comply with security policies, but to report on suspicious activity in a way that protects their privacy.

Insider risk resolution must not come at the cost of employee trust or culture. The DTEX i3 team has developed a framework to help analysts and security teams resolve insider risks in a way that is balanced and makes sense.

Download the DTEX i3 Insider Risk Resolution Decision Tree