Thoughts on New Forrester Report: “Best Practices: Mitigating Insider Threats”

“In the words of one security leader, ‘If any company thinks they don’t have an insider threat problem, they aren’t looking.’” 

“2021 Forrester Best Practices: Mitigating Insider Threats,” Forrester Research, 2021

Insider threats are a significant and under-addressed cybersecurity problem. With the rise of remote work and the evolution toward a perpetually hybrid workforce, security leaders must increase visibility into the context of data usage to mitigate insider threats. 

We’ve reached a critical point where insider risk has become a threat to the modern organization, and it can no longer be overlooked and ignored. 

In the new report, “2021 Forrester Best Practices: Mitigating Insider Threats,” Forrester analysts Joseph Blankenship and Claire O’Malley provide an update to a previously published report that highlights the process to build an insider threat management program (ITMP). 

Primary insider threat motivators and indicators

It’s not uncommon for organizations to spend time investigating external threats, including attackers’ motivations, intent and capabilities. But this type of intelligence is often neglected or rarely considered when it comes to internal threats. 

In its new report, Forrester highlights the importance of understanding the typical motivations and intentions of malicious insiders, as well as what early indicators look like. For example, common motivators, like a work conflict, revenge or entitlement, are often linked to feelings of anger or mistreatment. And the indicators that a malicious insider is planning to take action could look like increased disagreements with colleagues, odd working hours or even leaving the company. 

Gaining awareness of the external factors that inspire malicious insiders to engage in nefarious activity is the first step to understanding the importance of having an ITMP. Creating an ITMP helps ensure you’re keeping your data and organization safe from the ramifications of an insider-caused data leak or breach.

10 steps to create an ITMP

The Forrester report provides 10 steps to follow to create an ITMP:

1. Gain executive sponsorship
2. Identify stakeholders
3. Classify data
4. Group users
5. Define policies
6. Create rules of engagement
7. Build a dedicated team
8. Establish consistent processes
9. Train and communicate
10. Implement monitoring technology

Additionally, the Forrester report offers some best practices around growing an ITMP once the program is established. These practices include applying technology as one of many safeguards (process and people are also very important) and extending your insider threat function beyond cybersecurity. 

When you start to develop your own approach to creating an ITMP, keep in mind that the program needs to be delicately balanced with the employee experience. In short, try to protect the organization and its data while also providing a positive work culture. 

The Forrester report also notes, “The employee experience will affect customer experience and business performance.” So, be sure to protect employee privacy and communicate transparently about monitoring requirements and their purpose.

This list may seem extensive. But when it’s approached step-by-step, it should prove manageable—especially when you partner with Proofpoint to implement an insider threat management platform driven by people-centric security solutions. 

Also, watch the on-demand webinar: “Managing Insider Risk with a Hybrid Workforce.”