Even with the latest news involving major data leaks due to insider threats, organizations still haven’t taken action against the biggest risk to the business. A recent study performed by Imperva showed that 100% of the organizations they researched were found to have some form of insider threat. An insider threat can be an employee, a contractor or an outside vendor.
The threats were identified using insider threat behavioral analysis to detect suspicious activity on the network and on critical files. The study also used detection algorithms to identify compromised credentials and endpoints. Although this research exposes a company’s vulnerability to threats, it doesn’t stop the problem from occurring. Insider threats stem primarily from poor user security awareness or disgruntled employees. Monitoring is key to exposing these threats and stopping them before they become a long-term data leak. The longer the leak continues, the more data is leaked and the more the company suffers when it’s finally exposed.
The right technology incorporates machine learning techniques and deception algorithms that detect unusual user behavior patterns. Most insider threats expose data that the user has legitimate access to, which makes them difficult to track with normal logging practices. Insiders also attempt to cover their tracks, which makes it difficult for an administrator to determine the extent of the threat. Using the right monitoring tools reduces the risk of these threats and can expose the user’s behavior early, which also reduces the cost associated with these risks.
Why Are Insider Threats Still Succeeding?
Even with insider threats at the forefront of hacking news and critical data breaches, a recent study shows that 46% of 200 technology firms polled still cite insider threats as one of the major security threats to their organization.
Most companies don’t monitor internal traffic. External endpoint traffic is monitored, as are any VPN or externally accessed points, but any internal traffic that remains inside the external firewalls is usually considered safe. Unfortunately, this is a common security flaw in most organizations, and it leads to insider threat success. An insider threat could come from an employee, a vendor or a contractor with access to the internal network.
Insider threats aren’t always intentional either. Some threats arise from user ignorance of security, such as falling for phishing emails or social engineering phone calls. Better user security awareness greatly reduces these threats, but the organization still needs to have the right monitoring tools in place to find and weed out these threats.
Monitoring tools detect unusual user traffic habits, and they are the main resource for organizations that need to protect sensitive data. It’s almost impossible to stop insider threats initially, but the organization can detect them early to reduce the risk and damage. Most insider threats aren’t detected for months, so detecting these risks is key for protection.
Data analytics and user behavior pattern technology are used to identify these threats. Monitoring, user security awareness training, and the right security policy all play a part in protecting the organization against data leaks.