Insider threats

Employees are the drivers of success and innovation at any company; therefore, many businesses have restructured to increase collaboration and make sharing easier than ever. While collaboration is important, many organizations have not put in appropriate detection and response data security controls to make sure data is never at risk. Instead, they simply trust employees to keep data safe.

Whether intentional or not, many times trust is abused. The 2019 Global Data Exposure Report showed that employees take more risks with data than employers think, which leaves organizations open to insider threats.

Rather than sticking to company-provided file sharing and collaboration tools, one in three (31 percent) business decision-makers also use social media platforms, such as Twitter, Facebook or LinkedIn, to share information. Another 37 percent use WhatsApp, and a staggering 43 percent use personal email to send files and collaborate with their colleagues.

The research also shows departing employees are a much bigger problem than companies realize. Sixty-three percent of survey respondents said that they have taken proprietary data from their previous job with them upon exiting. As a result, incoming employees are bringing valuable proprietary data to their new jobs.

The Real Impact of Insider Threats

Beyond the lost value of data that was removed, disclosed or destroyed, organizations can suffer immediate losses of fundamental value, as well as lost revenue. The impacts of insider threats typically fall into one of the following categories: value, operations, and reputation.

Value

Value impacts refer to financial consequences. Insider threat impacts can directly hit the market value of a business. For example, if an insider threat event is announced publicly, share prices may drop in correlation. The financial value of a company is also compromised if intellectual property is stolen or exposed. Theft of a new product design or trade secrets can severely impact an enterprise financially.

The last way that insider threats can directly impact financial value is a hit to revenue. For example, if a company experiences a data breach due to an insider threat, it can result in a loss of revenue. According to Cisco, nearly one-third of businesses that suffered a breach lost more than 20 percent of their revenue.

Operations

Operations refers to the ability of a business to execute its mission. Operational disruption is one impact that insider threats have on an organization. Operational disruption can be tricky to identify, but it includes unplanned expenses, inability to deliver a service, and research costs.

Another area of operations that impacts costs is remediation. According to Deloitte, remediation costs can exceed $10 million. This of course depends on the size of the organization, the degree to which the organization was harmed, and the mitigation actions required. Factors like industry and company spend may come into play as well.

Reputation

According to Cisco, half of organizations that were breached expended significant resources to actively manage their reputation, and 42 percent of them lost nearly 20 percent of their existing customer base. Deloitte uncovered that new customer acquisition decreased by as much as 50 percent.

The study also revealed that large companies spent an average of $1,000,000 during a 12-month period to restore their reputation. The same study revealed an enterprise-sized company could experience an impact of $250 million over a five-year period by the devaluation of its trade name alone.

Current Prevention Measures Are Not Enough

Traditional data loss prevention security solutions are not working. Not only are data breaches occurring due to insider threats, they are happening on a much larger scale. According to the Global Data Exposure Report, 69 percent of organizations say they were breached due to an insider threat and confirm they had a prevention solution in place at the time.

“Organizations are overlooking the most harmful data security threat: their own employees. While security leaders likely are aware of the problem, they may not grasp the sheer magnitude of it. And most have fallen behind in effectively detecting and responding to insider threats,” said Joe Payne, Code42 president and CEO.

Many companies are not providing their employees with proper security programs, which leaves their organization and their data at risk. Steps to increase insider threat prevention include:

  • Requiring insider threat awareness trainings
  • Implementing data loss prevention programs
  • Adding data protection measures to onboarding and offboarding employees
  • Launching transparent, cross-functional insider threat programs

Require Insider Threat Awareness Training

Providing mandatory insider threat awareness training to the entire staff is a step towards decreasing breach risks. There are two types of insider attacks: malicious and unintentional. Surprisingly, unintentional attacks are more common. With proper training, employees are more likely to abide by security best practices and keep your data safe.

Overcoming cybersecurity challenges requires providing proper training to employees, with the participation and collaboration of stakeholders from different business functions.

The program should educate executives about which organizational and personal factors are likely to increase risk of malicious behavior and what insider threat indicators exist. Organizations should also identify and classify their key information security systems, applications and data so they can establish proper control over access to protected networks and critical data.

Implement Data Loss Prevention Program

Data loss prevention does not have to be an overwhelming undertaking. Instead, a data loss prevention program can be manageable and progressive. “Deployment of a DLP tool should go from one tactical success to another (a “quick-wins” approach) to avoid outright failure due to complexity and organizational politics,” said Gartner Research VP Anton Chuvakin.

The first step in your data loss prevention program is prioritizing your critical data. Start by determining which data would cause the biggest problem if it were stolen. Would it be intellectual property, customer information, financial PCI protected data, or electronic patient healthcare information? While it may seem obvious, data loss prevention should start with the most valuable or sensitive data that is most likely to be targeted by attackers.

Understanding how data is used and identifying existing behavior that puts data at risk are critically important. That is why monitoring data movement is another critical step in a data loss prevention program. Organizations should monitor all data movement to gain visibility into what’s happening to their sensitive data and determine the scope of the issues that their DLP strategy must address.

Of course, data loss prevention is an ongoing process, not a single set of steps. By starting with a focused effort to secure a subset of your most critical data, data loss prevention can be simple to implement and manage. As your data loss prevention program matures, it is important to develop more specific, fine-tuned controls to mitigate specific risks.

Add Data Protection Measures to Onboarding and Offboarding

Whenever an employee leaves a company, whether willingly or unwillingly, it is important to go through a security checklist. The same goes for onboarding new employees. Going over and having employees sign agreements that state they will not share intellectual property with future employers is crucial.

Do not be shy about working with IT to make this process quick and easy for any employee you say goodbye to. The first step after a team member departs is to delete all of their authorized logins. This would include access to email, VPNs, company specific applications, and any other systems they should no longer have access to.

After that, it is important to change any shared passwords. As we said earlier, collaboration is the new way of the workplace. Many employees will still have knowledge of passwords that were shared by their team or department. Because an ex-employee may try to log back into these shared resources, and you cannot block them by managing their logins, a change in password will be necessary.

Many employers give their teams mobile devices and laptops that meet the company security, performance, and uniformity standards. Make sure to take back any company phones, laptops, or computers that the employee has been in personal possession of.

Do not just delete apps the standard way. You will need to make sure that all company-related data is wiped from their devices, including app metadata and anything stored in their phone’s filing system. Finally, when you have completed all of the steps above, check your regulations for employee information you should delete. Everything else can be archived for posterity.
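The offboarding steps above (remove logins, rotate shared passwords, reclaim and wipe devices) can be audited mechanically. The following is an added example, not part of the original article or any LightEdge tooling; the inventory records, user names, dates and the function name are constructed for illustration.

```python
from datetime import date

# Constructed sample inventory (hypothetical names and dates, not from the article).
DEPARTURES = {"jdoe": date(2024, 3, 15)}
ACCOUNTS = [  # (user, system, enabled)
    ("jdoe", "email", False),
    ("jdoe", "vpn", True),
    ("jdoe", "crm", True),
    ("asmith", "vpn", True),
]
SHARED_SECRETS = [  # (name, users who knew it, last rotation date)
    ("marketing-social-login", {"jdoe", "asmith"}, date(2024, 1, 10)),
    ("team-wifi", {"jdoe", "asmith"}, date(2024, 3, 16)),
    ("finance-portal", {"asmith"}, date(2023, 11, 2)),
]
DEVICES = [  # (asset tag, assigned user, returned, wiped)
    ("LT-0042", "jdoe", True, False),
    ("PH-0117", "jdoe", False, False),
]

def offboarding_gaps(user, departures, accounts, secrets, devices):
    """Return a sorted list of open offboarding items for a departed user."""
    left = departures[user]
    gaps = []
    # Step 1: every login the person held must be disabled or deleted.
    for owner, system, enabled in accounts:
        if owner == user and enabled:
            gaps.append(f"account still enabled: {system}")
    # Step 2: a shared password the person knew is stale unless it was
    # rotated on or after the departure date.
    for name, knowers, rotated in secrets:
        if user in knowers and rotated < left:
            gaps.append(f"shared password not rotated: {name}")
    # Steps 3 and 4: devices must be returned, then wiped of company data.
    for tag, owner, returned, wiped in devices:
        if owner != user:
            continue
        if not returned:
            gaps.append(f"device not returned: {tag}")
        elif not wiped:
            gaps.append(f"device returned but not wiped: {tag}")
    return sorted(gaps)

if __name__ == "__main__":
    for item in offboarding_gaps("jdoe", DEPARTURES, ACCOUNTS, SHARED_SECRETS, DEVICES):
        print(item)
```

The shared-password check only works if the organization records who had knowledge of each shared credential, which is why that membership set is part of the inventory.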

Launch Transparent, Cross-Functional Insider Threat Programs

Organizations spend a lot of time, money, and effort trying to protect themselves and their data against hackers, cybercriminals, and other external threats. To help organizations better protect themselves against insider threats, the Global Data Exposure Report offered the following recommendations in its findings:

  • Security teams must evolve their data loss protection strategies and think beyond prevention. Prevention solutions are not enough to stop insider threat.
  • When prevention methods fail, security teams must detect, investigate, and respond to data leak, loss, and theft as quickly as possible.
  • Focus on the data. It is imperative to know where data lives, who has access to it, and when and what data leaves so that security teams can protect it across endpoints and cloud.
  • Invest in a next-gen data loss protection solution. This is the only way to truly mitigate the growing and evolving impact of insider threats.

Start by being transparent about your insider threat program. Telling employees about your program will deter far more internal risks to data than a covert insider threat program will. To achieve transparency, define, share, and regularly reinforce your protocols around data use and its ownership. Then, automate acknowledgment of those protocols.

Protect Against Insider Threats

Insider threats in cybersecurity are one of the top concerns that businesses are facing today. Whether that threat is due to ignorance, negligence or is made with malicious intent, use this information and LightEdge’s secure services to protect your organization.

LightEdge is committed to keeping your data safe, secure, and compliant. LightEdge offers a comprehensive product portfolio to ensure complete protection and uninterrupted performance of IT operations and mission-critical systems in the event of a disaster.

LightEdge is your trusted partner delivering fully integrated data protection, disaster recovery services, and workplace recovery facilities to ensure your business is always fully covered and operational and meets required compliance standards.

Our owned and operated facilities, integrated disaster recovery solutions, and premium cloud choices make up a true Hybrid Solution Center model. LightEdge’s highly-interconnected data center facilities now span Des Moines, IA; Kansas City, MO; Omaha, NE; Austin, TX; and Raleigh, NC.

Each of our LightEdge facilities strives to deliver more than traditional data centers. We have created true Hybrid Solution Centers designed to offer a complete portfolio of high speed, secure, redundant, local cloud services and managed gateways to public clouds through our hardened facilities.

Want to learn more about LightEdge’s security, disaster recovery and business continuity services? Contact one of our security and compliance experts to get started or to schedule your private tour of any of our data center facilities. We have disaster recovery, colocation, and business continuity experts standing by to answer any of your questions.


Nate Olson-Daniel - Director of Pre-Sales Engineering

As one of the early contributors at LightEdge, Nate helped to build LightEdge’s first generation DSL network and pioneered IP Wide Area Networks before MPLS was a standard. Currently, he helps develop revenue streams with LightEdge’s sales and engineering teams and acts as a technical mouthpiece for LightEdge.