
New Forrester Research says ‘Motivations & Indicators’ are Key to Mitigating Insider Threats

Best Practices for Insider Threat Program

One thing is clear: everyone is waking up to the reality that mitigating insider threats can’t be done with rules or by monitoring a select few high-risk individuals. We are WAY past the days of Robert Hanssen and Edward Snowden. Every user is a threat… malicious, compromised, negligent or otherwise.

In fact, according to Forrester Research’s latest insider threat report, Best Practices: Mitigating Insider Threats, inadvertent misuse of data accounted for 39% of the data breaches that their survey respondents attributed to insiders. So how is an already overworked cybersecurity team, drowning in data and alerts, supposed to protect a distributed workforce, prevent data loss and find malicious actors without invading the privacy of trusted insiders and third parties? It’s not easy, but it can and must be done, according to Forrester.

“It’s difficult for security pros to detect this suspicious activity because insiders need to have privileged access to data to do their jobs. Since insiders are people and, therefore, entitled to privacy and due process, security pros must handle these incidents with greater care than external threats.”

The report offers three key takeaways for security pros and outlines best practices for designing, implementing and administering an insider threat program that works. The key takeaways Forrester calls out are:

  1. Insiders Are Responsible For Almost A Quarter Of Data Breaches – With trusted access to your most sensitive data, insiders represent a real threat to your business. Almost one-quarter of our survey respondents told us their firm experienced an insider incident — either inadvertent or malicious misuse of data.
  2. Insider Threats Are Not A Technology Problem – Insiders are people, not computers. Treating insiders as a technology problem ignores the human aspects of motivation and behavior. Detecting insiders requires a defined process and a focused team in addition to detection technologies.
  3. The COVID-19 Pandemic Created Perfect Conditions For Insider Threats – Organizations globally moved quickly in response to the COVID-19 pandemic, sending workers home, reducing staff, and taking cost control actions. The lack of visibility caused by remote working plus the fear and uncertainty caused by these moves create ideal conditions for insider incidents.

By our assessment, the most interesting and important statement Forrester makes in this research is that ‘Insider Threats Are Not A Technology Problem’ and that insider motivations and behavior must be understood to accurately and proactively mitigate risks caused by insiders.

Security teams spend a lot of time, perhaps too much, attempting to learn the details of external threat actor motivations, intent, and capabilities, but they don’t develop this kind of intelligence for internal threats. To do the same for trusted employees and third parties, SOC and IT teams need to learn and understand the typical motivations, intentions, and ‘tells’ of malicious insiders. Why? Because an insider’s ability to blend in among us is what makes them so scary and such a challenge to identify. Malicious insiders make a choice to act, and in doing so they leave evidence of their motivations and intentions that can be monitored, analyzed and leveraged to prevent attacks.

A complimentary copy of the full Forrester report is available for download here.

Additionally, we will be hosting a live webinar with guest speaker Joseph Blankenship on Thursday, April 15, 2021 at 1 pm ET titled ‘How to Build an Insider Threat Program that Works.’ Joseph will review this latest report and take live questions that dive into the report’s Six Best Practices for Addressing Insider Risk, including the review of runbooks for accurate, smart threat investigation and cross-functional action that drives results and improves security. Spaces are limited; register here.