Welcome to the second installment of our three-part series on insider threat management. In our last post, we covered how to understand your organization’s insider risk. Now, we’ll discuss what it takes to jump-start the development of an insider threat management program.
Insider threats are one of the fastest-growing categories of risk, according to Ponemon Institute. In fact, the frequency of insider incidents has spiked by 47% in just two years. A contributing factor to this steep rise is today’s work-from-everywhere culture, which challenges traditional security perimeter boundaries.
Here are three ways to get a dedicated insider threat management practice off the ground quickly to address this risk:
1. People: Set up a multidisciplinary, insider threat task force
Insider threats are a unique, people-centric security risk. Visibility into what insiders do with corporate resources is crucial to managing this risk effectively. So, too, is the ability to communicate clearly across technical and non-technical teams.
So, when assembling an insider threat task force, don’t focus only on recruiting security and IT teams. Insider threat management programs should include people across the entire organization. Human resources, legal, line-of-business leaders and executives are equally important players in this effort.
Your multidisciplinary team also needs an executive champion—and finding one is a critical first step in building the team. The champion should help ensure the organization prioritizes the development and operation of the program.
You also need a clear strategy to mitigate and prevent potential incidents. A steering committee that includes technical and non-technical stakeholders can form that strategy. Consider including external consultants in areas such as forensics, legal or privacy management, as they can be significant assets.
2. Process: Developing an insider threat management framework
A solid plan is foundational to implementing an insider threat management program. It should include documentation of the team’s roles and responsibilities, as well as key processes. Sample elements of an insider threat management framework could include:
- Explaining program staffing and resourcing
- Outlining the responsibilities for a program office
- Delineating how various departments will provide relevant information to the insider threat hub
- Determining initial operating capability and full operating capability dates and milestones
- Formulating current and subsequent fiscal year budgets
Once your initial process is in place, you’ll be ready to assess how your security technology stack can support your team.
3. Technology: Detection, response and prevention
Many legacy security tools focus on data movement only. And monitoring a technology or network perimeter is no longer effective with the rise in remote and hybrid work.
To gain visibility into insider risk, you need to look at both user activity and data movement together—and how users interact with sensitive corporate data and assets.
That visibility can help you detect potential threats in progress, speed up incident response and even prevent incidents from happening.
According to Ponemon Institute’s research, two-thirds of insider incidents happen by accident. Insider threat management technology can help your security team alert insiders of their mistakes and provide actionable strategies for avoiding similar issues in the future.
Learn more about insider threat management programs
Increasing insider risk is just one reason to get your insider threat management program started today. A successful strategy can also help your organization save money and avoid reputational damage from these incidents.
For more details,download our e-book, “A Guide to Setting Up Your Insider Threat Management Program.”
Also, be sure to check back on the Proofpoint cybersecurity blog soon to read the final post in this three-part series. We’ll provide more details on how to build an effective insider threat management program for your organization.