Insider risk incidents are on the rise and becoming more costly to contain. As a result, earlier this year, Gartner predicted that 50% of all medium to large enterprises would adopt insider risk programs. To help organizations understand what they need to do to create insider risk programs or to mature their existing programs, Gartner published its “Market Guide for Insider Risk Management Solutions.”
The report reveals several key findings about developing insider risk programs and shares recommendations about how to develop those programs.
This blog post looks at the top three key takeaways from the report.
1. Most insider risks are attributed to errors and carelessness
Gartner notes most insider risk is not malicious. While the general public’s perception of insider risk may be of people intentionally stealing secrets to sabotage companies, most insider risk can be attributed to either people being outsmarted through phishing attacks or ignoring internal cybersecurity policies while trying to do their jobs.
For a deeper dive, MITRE has an excellent approach for understanding human-focused insider threat types.
Because most insider risk is not malicious, a fundamental principle to preventing insider risk is focusing on workforce training and developing a culture of trust that provides proactive feedback when an employee’s actions could lead to increased risk.
2: Insider risk management is not a single tool
Insider risk management is a collection of capabilities, policies and processes aimed at reducing risk. These tools require visibility across a range of employee activities and devices. The technical tools, which must be able to work with other tools in the cybersecurity stack, need to identify and detect risky behaviors by employees and third-party vendors that fall outside of approved corporate policies.
With monitoring tools, companies should be able to look at employees’ activities within the organization, in the cloud and on company-owned devices. Security risk managers are increasingly looking for more automation and technologies that go beyond data loss prevention, to holistic solutions that incorporate user and entity behavior analytics and artificial intelligence to monitor and analyze user behavior more quickly and effectively.
3: Insider risk management is a cross-functional activity
Gartner says that before deploying insider risk management solutions, companies should activate cross-functional teams to develop and manage their insider risk programs. These teams should include personnel from HR, compliance, and legal. But the first thing security risk management leaders need to do is get buy-in and authorization from senior leadership. The support of senior leadership is required in part because the inside risk program and its policies impact everyone across the company.
Insider risk policies should be transparent and developed in coordination with human resources and legal teams that are aware of privacy and compliance requirements in every region that the company operates.
We believe it’s also incumbent on human resources and senior leadership within the organization to clearly communicate across the organization about why and how insider risk programs protect the company and individuals.
The Rule of Three
Gartner says a common effective insider risk program looks at the types of individuals who might harm the organization, how they might do it, and how a company can prevent that from happening. As companies build out their insider risk programs, keeping these three key elements in mind will set them up for success.
There is no doubt that insider risk management is an increasing concern for cybersecurity executives. The Gartner® Market Guide for Insider Risk Management provides a strong understanding on how to build a solid insider risk program that utilizes the tools right for your organization. For the complete findings, download the full report.