Being in the business of being at risk for data breaches can make for a very costly business model. And, unfortunately, all businesses these days are at risk for data breaches. Take these numbers into consideration:
- Depending on how many records are accessed or lost, the cost of a breach for some enterprises can be on average $4 million
- An all too frequent cause of a breach – whether intentional or accidental – is caused by an insider threat. In a 2016 study69% of enterprise security executives reported that insiders within their company had attempted theft or corruption of data
- 62% of business users report having access to company data that they probably should not have been able to access
The very challenge itself – and the concept that one may not be able to trust the very individuals on whom they rely to operate their organization – can seem insurmountable to overcome. A recent CSO piece presents, however, that tackling the problem of insider threats can be easier than one think.
The article highlights key observations from industry experts on the ways to minimize risk. For example, Geoff Webb, vice president of strategy at Micro Focus, noted how insiders cannot breach the valuable data intentionally or unintentionally if they do not have access is the first place: "Many organizations struggle to adequately manage who has access to data, even highly sensitive data, mostly because of the complexities of the modern workforce, the role of many outsiders, the rate at which information flows, and the effects of privilege creep over time for long-time employees."
I’ve worked with organizations to prevent insider threats as well as in response to incidences. In my experience, the notion of it being “easy” to deter and detect insider threats is only the case if organizations are proactive about their approach in the first place. There are strategic ways to be proactive – from having internal training for business users to feel responsible with knowledge, skills and awareness – to monitoring activities that companies can employ that set up rules and parameters on what is considered appropriate for various employees to do as part of their work functions and flag instances that are outside of those rules.
As Webb shared with CSO: "Enterprises should monitor activity around access to sensitive or valuable data, looking for anomalous behavior that might indicate that an insider is either improperly accessing that data, or as is often the case, that an outsider is successfully impersonating a privileged user after stealing their credentials."
If you have the correct monitoring solution in place as this expert says, then of course detecting is much easier. On the other hand, detecting just isn't enough, it’s how easy can your organization protect itself from insider threats. I believe that companies that haven't thought much about insider threats need to at least start with detection, but the end goal has to be a solution with automated and proactive responses.
A $4 million expense is a pretty hefty potential cost to incur when threats can be prevented if the right company approach is embraced at every level. I invite you to explore the automated approach we offer at Teramind with our employee monitoring and insider threat prevention platform that detects, records, and prevents, malicious user behavior. And, contact me anytime at firstname.lastname@example.org if you have questions on insider threat prevention.