It’s been a long time coming, if you ask us. This year, for the first time ever, Insider Threat has its very own dedicated month to spread awareness and improve defenses. The US National Counterintelligence and Security Center named September as National Insider Threat Awareness Month, with the goal of spreading the word about this common but often overlooked security threat.
Insider Threat Awareness Month: What it Is & Why it Matters
In a campaign aimed at informing everyone from government officials to regular citizens about the increasing frequency and dangerous nature of Insider Threats, September has been declared National Insider Threat Awareness Month.
Insider Threats occur when someone close to an organization with authorized access misuses that access to negatively impact the organization’s critical information or systems. This person does not necessarily need to be an employee – third-party vendors, contractors, and partners may pose a threat as well. The key here is that someone on the inside misuses their privilege to do harm to the organization. It’s also worth noting that Insider Threats can be either malicious or accidental, so even well-meaning employees or third parties can pose a serious risk. Threats can come from any level and from anyone with access to proprietary or sensitive information.
How common are Insider Threats? According to the Verizon DBIR 2019, 34% of breaches involve internal actors. That’s up from 25% in 2017. While insiders may not cause the majority of breaches, this type of threat is particularly difficult to identify and contain—and more costly than other types of threats. And lest you believe that accidents won’t cost just as much: negligence-based Insider Threat incidents cost organizations an average of $3.8 million per year.
Okay, enough of the scary statistics. Let’s talk about how to turn Insider Threat Awareness Month into an advantage for your organization.
Detect, Engage, Assist
William Evanina, a former FBI and CIA official who heads the counterintelligence center behind the new Insider Threat Awareness Month, stated that the point of his agency’s campaign was to “help government and corporate organizations get ahead of the problem by bolstering their insider-threat programs so they can detect, engage and assist at-risk employees before they go down the wrong path.”
At ObserveIT, we often break these typical phases of Insider Threat defense down similarly: detect, investigate, respond. Insider Threat Awareness Month is a perfect time to sit down and analyze whether your business is able to effectively carry out each of these key steps.
If you can’t detect Insider Threats, there’s no chance you’ll be able to investigate (engage) or assist (respond). You need a comprehensive Insider Threat detection system that can catch Insider Threats from common vectors like email, file-sharing apps, print jobs, USB usage, and more.
Similarly, if your SIEM or other security tool can detect Insider Threats, but has no way of correlating the data points to user activity to tell the whole story, it will take a very long time (weeks, months, or even years) to investigate and understand what happened. Context around user and data activity is absolutely key to properly investigating any Insider Threat.
Finally, if you do not have effective tools in place to respond to Insider Threats, costs increase alongside risk. Businesses must have user awareness and education programs and tools in place to decrease risk in real-time, alongside a strategy for responding in the event of an actual insider-caused breach. New regulations like GDPR mandate efficient response times, public notifications, and more—so Insider Threat preparedness is no longer a nice-to-have. That’s why we’re thrilled to see an entire month dedicated to increasing awareness.
A Challenge: Take Action on Insider Threats
With September as the newly declared Insider Threat Awareness Month and October as Cybersecurity Awareness Month close on its heels, you have a perfect ready-made reason to bolster your Insider Threat preparedness. As you look to budgeting and planning for 2020, review your organization’s current people, processes, and tools as they relate to Insider Threats. Do you have the ability to truly detect, investigate (engage) and assist (respond) in the event of an Insider Threat? If not, now is the perfect time to improve your Insider Threat posture.
Not sure where to start? Our brand-new Ultimate Guide to Building an Insider Threat Management Program is a can’t-miss resource. It features detailed plans and templates to get your Insider Threat Management Program off the ground or leveled up.