3. It's a people problem — Too many organizations have the misconception that insider threat is strictly a cyber security or technical matter. But FBI analysts stressed at the 2013 RSA Conference that this issue is a people-centric problem and must be handled with a people-focused solution, including a multidimensional and multidisciplinary approach. When it comes to improving processes, organizations are focusing on education to help employees understand policy and the importance of protecting information. Processes should be implemented and well defined and include strict on-board and off-boarding processes. Inventory of all organizational assets should be regularly updated and maintained, and established passwords and account policies and procedures should be defined, broadcasted and enforced. Additional monitoring and technical controls around high-valued and privileged users should be deployed.
4. It's an ongoing battle — While people and process are the dominate elements, technology is a significant part of the protection against insider threat. New technologies are emerging to help identify and deter the problem. The best high-performing security organizations use advanced analytics to catch this kind of behavior on a regular basis by understanding the normal conduct of each peer group and the risks associated with them. These systems can monitor thousands of potential risks in real-time and offer insight into risky behavior that can lead to data exfiltration. Other technologies exist to help with education or deterrence. Should behavior start down a potentially dark path, organizations can report these activities back to the employee to remind them that they are being monitored. And remember, you must educate and re-educate regularly as well as continuously monitor your employees to ensure you maintain the highest possible level of protection on an ongoing basis.
5. It's a trust issue — Some information security leaders' fear being seen as the "Big Brother" or the bad guy. They are uncomfortable monitoring their employees, or they see their employees as trusted agents and want to view them in such a light. New technologies exist to help monitor employee behavior in a nonintrusive and effective way. Additionally, privacy laws pose some barriers to employers trying to implement a program. However, with full disclosure of the initiative, employers in most cases are protected. This disclosure also acts as a deterrent to bad behavior, killing two birds with one stone.
As you're developing your insider threat strategy, consider the benefit to your organization and the protections that this strategy will provide. It will defend against more than its definition. Take the 2012 South Carolina data breach, for example. A reported 3.6 million tax payers' social security numbers were compromised and 387,000 credit and debit card numbers were exposed. This was the work of an external actor, a phishing attack to be specific. The individual was able to enter into the organization's systems, appear to be a trusted insider, and reap the benefits.
Sign up for MIS Asia eNewsletters.