Insider Threat Management

Form Follows Function: Why it is Important to Find Balance in Cybersecurity

Share with your network!

What is balance?

I often hear people talking about finding it, as though it were some object sitting on a shelf in a store. “There isn’t enough time in the day to do what I need to do,” or “I’ll get more sleep once I’m less busy” are common things that people say when they’re understandably lacking balance.

But achieving balance doesn’t really work that way.

You have to work to find, and then maintain, balance. Think about tightrope walkers or gymnasts. To balance, they have to know what’s off with their stance, and do work to fine tune their position. It doesn’t just magically happen overnight.

The same can be said for cybersecurity, particularly with insider threat management. To mitigate the risk of insider threat incidents, such as data leaks or exfiltration, you have to be willing to work towards a holistic balance between People, Process, and Technology.

You need buy in and support from your people. To get that, your cybersecurity processes have to be understandable – and not a burden. Your technology should help make both of these things happen.

So how do you set out to find this elusive thing that is balance?

Form Follows Function

Previously, we wrote an article about The (Not So) Secret Intentions of the People Behind Insider Threats. In this article we discussed how understanding your user’s intentions is a critical step towards improving organisational cybersecurity and mitigating the risk of an insider threat incident.

We also introduced an architectural and industrial design phrase into the cybersecurity space: form follows function. More specifically: thinking about how the form of your cybersecurity practices can fit the needed function.

  1. The form of your insider threat program should not create unnecessary barriers

    Think about how you might put up guardrails, rather than barriers. A guardrail guides you to stay on a road, but a barrier outright stops you. What can be done from a People, Policy, and Technology level to establish standards, communicate them, and manage them?

  2. The program should be easy-to-understand, and well communicated

    This is a variation on an unnecessary barrier, but important to consider. If someone can’t quickly understand the “What, How, and Why” for a cybersecurity policy, you’ve already lost them. How might you communicate this in a direct, relatable way, that can be enforced in terms of acknowledgment and activity?

Why Do You Need Balance?

To put it simply, you need balance with your insider threat management program, because it increases the likelihood of its effectiveness. And when you’re dealing with a people-based problem, you need to start by taking some variability out of the equation. (Think of it like troubleshooting!)

Seeking insider threat management balance can help you:

  1. Build trust across your organisation
  2. Establish expectations for policy establishment, enforcement, and response
  3. Create a comfortable atmosphere of self-policing

How do you actually do it, you ask?

  1. Establish a dialogue
  2. Share guidelines and policies publicly, and allow for some flexibility
  3. Use the right tools to help you establish, enforce, and respond to incidents

If you can do all of this, you’re well on your way to balancing your insider threat management program across the three major principles of People, Process, and Technology. But remember: balance isn’t something that can be bought or finalised, but rather consistently worked on and maintained.

Interested in Balancing your Insider Threat Management Efforts?

Proofpoint ITM is an insider threat management software that can help you detect, investigate, and prevent insider threat incidents caused by those with trusted access to your vital systems and data. To learn more, be sure to check us out.