The key to detecting and stopping insider-led data security breaches starts with understanding the people who are behind them. Who are they and what’s their motivation? All too often, breaches start with an unhappy, disgruntled or unenthused employee (or even a third-party contractor). That person may decide to act maliciously, stealing or destroying valuable information out of spite, or they might just accidentally compromise data out of negligence. Either way, this is bad for business.
An insider threat can happen when someone with authorized access to an organization’s network misuses that access and trust – intentionally or unintentionally – and negatively impacts the confidentiality, integrity or availability of the organization’s critical information or systems. Of course, threats can come from any level and from anyone with access to proprietary data. This person does not necessarily need to be an employee, they can be a third-party vendor, contractor or even a partner. According to Verizon, 25% of all security incidents involve insiders. Marketing ploys aside, there’s no getting away from the fact that businesses must increasingly put the emphasis on their people when it comes to good cybersecurity.
Interestingly, a new global survey revealed that 89.5% of UK IT leaders recognize that a happy workforce is more likely to keep an organization secure than an unhappy one. Yet, nearly half (48%) of businesses globally still aren’t investing in employee happiness and wellbeing. Against the backdrop of today’s ongoing political and economic uncertainty, thanks to the Brexit saga, it’s not hard to imagine how this issue could be a flashpoint for an insider threat.
Understanding user behavior and having the tools to spot unusual, suspicious or policy-breaking activity are key to catching the early indicators of a breach. Establishing the context behind a user’s actions also means that breach investigations can be handled properly, that business leaders can learn from incidents -- implementing overdue changes that improve security best practices, and coaching staff in better cybersecurity habits.
Here, wellbeing efforts can play a very important role in motivating staff to pull their weight on the cybersecurity front, whilst also feeling trusted by their organization to do their jobs well and do right by the company. In today’s connected and collaborative world, we must question the feasibility of a ‘zero trust’ model of cybersecurity, especially when it comes to managing the insider threat.
There’s an incredible opportunity for businesses to connect the dots on staff wellbeing and keep a business secure from the inside out. Today, there is a strong tendency for an ‘us versus them’ mentality to form between cybersecurity teams and insiders, especially if policies are seen to limit productivity or curtail activity, but to me, zero trust scare tactics aren’t going to help you get the best out of people. Coupled with the smart use of verification technology, trust and understanding must be put (back) at very heart of cybersecurity to get the best results, particularly when it comes to insider threat management.
Original article published in Infosecurity Magazine on 25 July 2019
Subscribe to the Proofpoint Blog