Insider Threat Management

What’s Inside the Insider Threat Risk Assessment

Share with your network!

Here’s something that may come as a surprise: Not all insider threats are malicious. In fact, according to a recent Ponemon Institute study, 62% of global insider incidents were caused by a negligent employee or contractor, and only 23% of insider incidents were malicious in nature.

So, while it’s critical for organizations to recognize malicious insiders and prevent them from causing harm, they aren’t the only steps to prevent insider threats. 

Do you even know how well your business is protected from insider threat risks? An insider threat awareness test can help you determine where you stand. Let’s look at the benefits of this test and also explore the specific components you’ll find within the Insider Threat Risk Assessment from Proofpoint.

What is an insider threat awareness test?

At its most basic level, an insider threat awareness test is an evaluation of your organization’s efforts to detect and prevent insider threats. Through this evaluation, you gain insight into your organization’s readiness to prevent and respond to insider threats. 

We designed our Insider Threat Risk Assessment to allow organizations to gauge their insider risk program’s maturity effectively. The assessment will even benchmark your organization’s readiness against that of your peers. This 10-minute evaluation takes you through a series of questions across four categories: governance and metrics, detection and monitoring, investigations and response, and privacy and compliance. 

Following is a closer look at what’s inside the Insider Threat Risk Assessment process from Proofpoint.

Part 1: Governance and metrics

The first part of the assessment lays the foundation: Does your organization have an insider threat management (ITM) program or not? And if you do have an ITM program, is it aligned to the metrics and principles that will allow it to be successful?

Having defined metrics for your ITM program is critical to mitigating insider threat risks. These metrics will help you meet the challenge of new or evolving threat tactics more efficiently. Also, you can measure your performance against a set of defined metrics, which will help you illustrate the value and importance of the program to your entire organization.

This portion of the assessment will also help you determine which of the three main insider threat types you’re guarding against—negligent insiders, compromised insiders or malicious insiders. 

Ultimately, governance and metrics are all about people, program and policy. 

Part 2: Detection and monitoring

Risky insider activity isn’t limited to one technology channel. A mature ITM approach will track and monitor behavior across the network, email, endpoints, cloud, web and removable media channels. So, how do you know if you’re being proactive enough? 

In the second part of the Insider Threat Risk Assessment, you’ll gain insight into whether your ITM program is proactively securing your data from insider threats. After all, the greatest risk is with users—specifically, how they use data and what channels they use to do their work.

This portion of the assessment can also help you determine whether the program is appropriately monitoring how insiders interact with sensitive data and files. For example, an employee could mistakenly save a file to the wrong Box account. It’s important to know if it was a one-off incident, or if this mistake is being made repeatedly. 

But just as not all insider threats are malicious, not all insider risks are limited to employees. If you’re only monitoring employee activity for insider risk, your organization will remain vulnerable to negligent or malicious threats by various third parties, including the contract workforce.

Part 3: Investigations and response

When an incident occurs, do you have a well-documented plan in place to respond effectively? In the third part of the Insider Threat Risk Assessment, we explore your organization’s readiness to respond to an incident. 

It’s crucial for organizations to be able to identify the who, what, when, why and where of incidents—and also, do it quickly. The speed of the insider threat investigation can have massive implications on how much harm can be done. 

Part 4: Privacy and compliance

Finally, and perhaps most importantly, the Insider Threat Risk Assessment will help you understand what your organization must comply with under your unique jurisdiction. Your ITM program must account for legal concerns, your privacy culture and civil rights compliance.

Consider whether your ITM approach takes your organization’s culture across geographies into account. While shifting your entire organization to zero-trust security guardrails may seem like a quick fix, for example, it won’t work; there are often too many cultural variables in play.

Instead, you’ll want to consider your messaging to employees as part of your organization’s security training program. Help your team understand why screenshots present vulnerabilities, for example. And introduce processes, such as cybersecurity whistleblower protections, that allow the team to “watch the watchers.”

Who should take the Insider Threat Risk Assessment?

The Insider Threat Risk Assessment from Proofpoint is an awareness tool that allows organizations to gain greater insight into their ability to prevent and respond to insider threats. From governance and metrics to privacy and compliance, the assessment is designed to help you understand how an ITM program can help you better protect your organization against your riskiest asset: your people. 

Complete the Insider Threat Risk Assessment to gauge your organization’s readiness against insider threat risks—and walk away with an in-depth plan to improve your insider threat maturity.