In a recent blog post, we shared some insightful highlights from a panel discussion we had the opportunity to moderate at the SANS Institute Insider Risk Solutions Forum in September. During this conversation, top security executives from Gilead Sciences, Eaton Corporation, and NBN Australia shared their expert knowledge around insider risk management solutions.
Our previous post touched on some of the ways organizations can determine what to protect and who to protect it from. In today’s post, we’re going to explore the biggest challenges to managing insider risk—let’s dive into the good stuff.
- Privacy regulations for behavioral monitoring
One of the biggest and most time-consuming challenges facing companies as they roll out solutions to manage insider risk is securing the necessary approvals to monitor user behavior. Even with DTEX’s privacy by design approach, which includes data anonymization capabilities, the global deployment of a solution requires coordinating with work councils, meeting local privacy and compliance regulations, and timely reaction to new privacy policies that are often changing on the fly.
Most of our global customer base have approached this minefield by rolling out their solutions in stages, tackling easier countries first and then working their way into those countries that require a little bit of extra time consulting with the works councils. For example, pushing out behavior monitoring solutions in the U.S. tends to be an easier lift than tackling European countries, whose work councils want to bring in their own experts to review and discuss the tool you’re using to monitor for insider threats and establish a defined process.
- Time to maturity
Like anything, we’re all resource constrained, so bringing in the right people is challenging even for organizations that have an SOC team at their immediate disposal. A challenge companies often face is that their SOC team may not actually have the right skillset for this initiative, and so what do you do with that? It’s a massive challenge, finding those behavioral scientists that understand how to look for behavior-based threats is a very different challenge to what the typical SOC analyst is facing, so organizations often struggle to find the right people to help manage insider threats. It’s crucial that businesses figure out the right way to coordinate with operational stakeholders to ensure that the security team understands the risk and value in doing this kind of monitoring amidst many competing priorities.
This is also a challenge from the vendor side. For example, we’ve had to start looking and thinking about how we partner with organizations like MIDA, and many others, to try and create a new talent pool and train them from scratch. You’d be surprised to learn it’s rarely about taking people from an engineering background. More often than not, it’s looking for individuals in tangential areas like HR, where they have that different way of thinking about human behavior.
- Multiple monitoring solutions confusion
Another challenge on the technical side stems from the majority of the solutions that we have today encompassing some sort of built-in user behavior analytics. Whether it’s a file monitoring solution or your firewall, having multiple monitoring tools can bring just as much confusion as value. Figuring out a way to streamline the data and alerts that come from multiple solutions is a challenge many organizations continue to face in today’s distributed, digital world.
While there are many additional challenges organizations are up against in managing insider risk, these are a few of the ones that are top of mind for decision makers. If you and your organization need help addressing any of these, feel free to drop us a line to spark a conversation. We would love to hear from you.