The Insider Threat comes in all shapes and sizes, making it a hard nut to crack for IT. Virtually anyone with approved access to your corporate network or data stores is an Insider. Traditional methods to protect data, such as encryption, become meaningless. An Insider is already authorized to bypass these measures and access sensitive data. How do you protect your organization against the Insider Threat? The first step is the ability to identify the threat to begin with.
Threat Detection: Finding the Insider Threat
So, what turns a regular employee into an Insider Threat? In the end, it comes down to motivation, behavior, and/or negligence. In our new whitepaper, The Three Faces of Insider Threat, we take the traditional look at the Insider Threat, which considers only the Malicious or Negligent employee, and add a third kind of Insider putting data at risk.
- The Malicious Insider – motivated by greed, anger or revenge, this Insider targets high value data and can cause a lot of damage very quickly. Look for non-compliant activity (preferably automatically based on baseline behavior or access) and invoke pre-emptive security measures, such as removing sensitive data from the endpoint, as soon as possible.
- The Negligent Insider – hard to detect, this employee makes mistakes in an effort to be productive or helpful. The good news is that you can reduce negligent behaviours (using blacklisted apps, writing down passwords, sharing credentials) through ongoing training sessions and non-invasive security monitoring, such as automatically alerting IT if encryption is disabled.
- The Unsuspecting / Acting Insider – motivated by greed, prestige or ego, a malicious outsider assumes the identity of an Insider, turning them into a puppet identity to target data that can be sold or revealed to boost their own profile. It’s often a simple phishing scheme that exposes credentials, allowing an outsider to piggy-back from one user to another until they can access the desired data. Monitoring for non-compliant activity and suspicious user activity can help lock down access before it’s too late.
Absolute provides persistent endpoint security and data risk management solutions for computers, tablets, and smartphones. Our customers depend on us to provide them with a unique and trusted layer of security so they can manage mobility while remaining firmly in control. By providing them with a reliable two-way connection with all of their devices, our customers can secure endpoints, assess risk, and respond appropriately to security incidents.