The global demand for enhanced insider risk management capabilities will continue to skyrocket across industries throughout 2024. As security leaders grapple with the rise of generative AI, calls for greater collaboration between public and private sectors, and ever-evolving employee motivators, insider risk management will be more important than ever to mitigate risks before data loss occurs.
Here are some of the top predictions for the upcoming year.
Growing tension between insider risk and employee privacy
The average cost of an insider incident in 2023 was $16.2 million, and it took 86 days to contain it. Those rising costs, along with the potential damage to brand value from insider risk incidents, will push companies to prioritize spending on insider risk programs in 2024. But as they do, it’s important they strike the right balance between proactive privacy measures and risk quantification. As companies strengthen their insider risk programs, they will need to be transparent and respectful of employee privacy. Otherwise, they will create an aura of mistrust where employees, who should be the first line of defense against insider risk, will not become active participants in safeguarding the organization’s data and assets. Employees who are concerned about a lack of privacy with their companies’ insider risk programs can become disgruntled employees, which creates a different set of risks.
The broad adoption of AI will increase insider risk
When compromised insiders or malicious insiders can use AI, they can be even more harmful on an even bigger scale. This year, organizations should anticipate greater use of AI to outsmart individuals. Companies have done a much better job protecting themselves against external threats in recent years. As a result, threat actors are looking for other ways to gain access to confidential data. Using the privileged credentials of an outsmarted employee, threat actors can easily move across the network without raising suspicion. AI will help threat actors create more frequent and specific emails targeting insiders. For example, with business email compromise (BEC) attacks, threat actors who use AI for greater personalization will see higher success rates when their socially engineered emails closely resemble the tone and style of someone the target knows.
Analysts will increase their use of AI and ML
In the next few years, advancements in AI and ML will upgrade the tools used for proactive insider risk management. AI will improve behavioral analytics and strengthen contextual analysis. Additionally, companies will be better able to automate tasks such as data collection, aggregation, and risk scoring efficiently and at scale. By automating those tasks, analysts will have more time to investigate indicators of intent. This is important because as companies move to create comprehensive insider risk programs, they will still need to leverage both human expertise and automated tools.
This year and for the foreseeable future, humans will be the most powerful insider risk sensors.
Industry and government collaboration will rise to mitigate insider risk
According to US Department of Defense Principal Deputy Chief Officer Leslie A. Beavers, “At the end of the day, security requires everyone to be a part of the solution.” In the cyber arms race with threat attackers, one advantage they have is that they are better at collaborating and sharing information if it helps them gain access to confidential data. To counter this threat, industry and government leaders are beginning to collaborate and share information about best practices. This year, there will be an increase in public-private operating models like the Cybersecurity and Infrastructure Security Agency’s Joint Cyber Defense Collaborative, which was established to help the federal government and industry turn shared insights into risk-informed action. In addition, increased collaboration across enterprises and government entities will help create industry standards that set out specific, actionable guidelines for understanding and managing insider risks. The Five Eyes Insider Risk Practitioner Alliance, whilst still a working concept, will later this year officially launch, bringing together insider risk centers of excellence across the Five Eyes for this very purpose. We can already see some of the excellent work being done from the Australian Insider Risk Centre of Excellence as well as the Canadian Insider Risk Management Centre of Excellence.
Increased insider risk training for employees, especially when using corporate devices
When personal and corporate lives overlap, security incidents are more likely to occur. Research shows the intermixing of personal and corporate data is a significant factor in data breaches. We saw this with the Okta breach last year when an employee’s use of a personal Google account on a Chrome browser exposed sensitive information about Okta’s 18,400 customers. In hybrid work environments with people working from anywhere on any device, allowing the use of personal accounts on corporate devices will continue to create a glaring gap in security. In 2024, companies will put a greater focus on educating employees on the risks of using corporate assets for personal use.
When we look back at some of the biggest breaches from the past year, many of them could have been prevented if employers were not outsmarted through socially engineered phishing attacks. Although companies may not agree on everything that needs to go into an insider risk program, it’s widely acknowledged that training to help employees from being outsmarted is an investment that pays off. According to the 2023 Cost of Insider Risks Global Report, almost half (46%) of organizations surveyed are planning to increase their investment in insider risk programs in 2024. In the coming year, as AI helps threat actors increase the volume and specificity of attacks, companies will need to deliver training programs to their employees about good cybersecurity practices. Everyone in the company has a role in cybersecurity defense.
Insider risk is clearly defined
Like any emerging and growing space, people don’t always mean the same thing when they talk about insider risk programs. There are questions about the difference between insider risk and insider threat and larger questions about the tools a solution is required to have. This has caused confusion in the market for buyers. Last year, though, a few analyst firms released market guides that helped clarify the different components an insider risk program should have. In the coming year, as analysts continue to refine their market guides, it’ll be easier for companies to determine what’s required for inside risk programs to be effective. As companies gain a better understanding of what it is that they’re buying, investments in insider risk programs will rise.
As the global leader for insider risk management, DTEX empowers organizations and federal entities to proactively stop insider risks from turning into threats. Our purpose-built InTERCEPT platform operates at the intersection of data loss prevention, user activity monitoring and user behavior analytics to surface early warning indicators to detect, deter, and disrupt insider risks – quickly, easily and at scale. Contact us for a demo of InTERCEPT to learn more.