Organizations store all sorts of valuable data, but their most sensitive data is very attractive to attackers and criminals who can access that data and use it for purposes other than its intended purpose. may be used for The very serious threat of an insider stealing an organization’s data was most recently demonstrated by him in April 2023. Department of Justice US Air National Guard officer Jack Teixeira shared his recent arrest in connection with an investigation into the alleged unauthorized removal, retention and transmission of classified defense information.
With insider threats on the rise, organizations want to understand the best options for dealing with these types of threats. In this article, we’ll explain what insider threats are, why you need an insider threat program, why you might need one, and what you need in a strong insider threat program.
What is an insider threat?
Insider threats are nothing new. Anyone can be a threat, and this kind of threat can go undetected for years. literally.examination Ana Montez, a former Department of Information (DIA) officer who was ultimately sentenced to 25 years in prison for acting as a Cuban spy. She started her career with her DIA in 1985, but it wasn’t until 2001 that she was arrested for leaking defense information to Cuba. Several others have provided valuable insider threat lessons to the security community through similar activities (e.g. leaking national information) since the early 2000s. security information). We learned about their motivations and how their actions impacted security programs and prompted the need for insider threat programs.
The U.S. National Institute of Standards and Technology (NIST) insider threatThis does not involve individuals intentionally or unintentionally using authorized access to harm organizational operations or assets, individuals, or other organizations. Individuals may use authorized access to access and publish confidential or controlled unclassified information (CUI) (such as the U.S. Federal Information System, or intellectual property or have access to sensitive personally identifiable information).
Insider threats come in many forms, so organizations should continuously monitor their employees to ensure that they are not experiencing higher-than-usual stress in their personal lives, particularly financial stress, fraud, and overall job satisfaction among employees. It is necessary to detect individuals who may have been exposed to Disgruntled employees pose a unique threat to organizations because they are easy targets. Criminals actively recruit disgruntled employees to extort intellectual property and confidential information.
insider threat program
according to 2022 Cost of Insider Threat Global Report According to Ponemon, insider threats increased in both frequency and cost in the two years prior to the publication of the report. Insider-related incidents included employee negligence (56%), criminal activity (26%), and user credential theft (18%).
Organizations with strong insider threat programs are better equipped to understand the different types of threats and the damage they can cause. An insider threat program should be well tailored to meet the needs of the organization and the industry in which it operates.
Challenges to mitigating insider threats
Insider threat prevention is a resource-intensive full-time job. Detecting behavior that may indicate an insider-related incident or when sensitive data leaves your organization requires both human resources and technology. Insider threat if the organization lacks the ability to provide insider awareness and training to its employees and invest in necessary technology such as data loss prevention and user and entity behavioral analytics tools is difficult to mitigate.
Lack of resources and support
Operations teams can be discouraged if they lack the resources they need to mitigate insider threats. Equally discouraging, in some cases, is the lack of leader support, to the point that a disgruntled employee steals sensitive data, of course. As organizations begin to design and create insider threat programs or enhance existing ones, it becomes important to develop a strategy to gain buy-in from key stakeholders.
Powerful insider threat program
The approach to developing an insider threat program should be carefully planned, taking into account the data assets an organization maintains, applicable laws and regulations, and key stakeholders.
Here are four steps that organizations with employees can take now to strengthen their insider threat programs.
- Find the Right Data Loss Prevention Solution software for your organization
- Develop and implement comprehensive awareness and training to enable employees to recognize and report insider threats.
- Adopt the principle of least privilege for users and devices. Log and analyze privileged function executions to reduce risk from insider threats.
- Develop a specialized incident plan for insider-related incidents to ensure proper and timely response
Many insider threats can be mitigated through security best practices, customized security controls, and a strong insider threat program. While newsworthy stories about figures like Ana Montez and Jack Teixeira may be reported, data shows that insider threats are often linked to employee negligence rather than malicious intent. You can see that Whether you’re leading a large organization or running a small business, protecting against these threats is critical to the overall success of your business, so be prepared for every conceivable scenario. .
About the author
Ambler is an attorney with extensive experience in corporate governance, regulatory compliance and privacy law. She currently consults on governance, risk and compliance, enterprise data management, and data privacy and security issues in Washington, DC.she also wrote with mullet design On today’s most important cybersecurity and regulatory compliance issues.
Disclaimer: The author takes full responsibility for the content of this article. The opinions expressed are their own and do not represent those of the IEEE, the Computer Society or its leaders.
https://www.computer.org/publications/tech-news/trends/mitigating-insider-threats/ Why insider threats are on the rise