Face it, insider threats happen. And odds are you are suffering a data loss, leak or theft even as you read this article. That’s a scary thought.
Unfortunately, insider threats are so common that organizations deal every day with data loss events when employees quit, mergers and acquisitions (M&As) are executed, realignments or reductions in force occur, and users work on highly sensitive projects. For many organizations, insider threats are an unsolved problem.
Companies have tried to stem this loss with traditional data loss prevention (DLP) tools, but DLP simply wasn’t designed to manage insider threats. Its original objective was to block the exfiltration of regulated data, such as payment card or health records identified by content patterns, in order to meet compliance requirements. Intellectual property such as source code, designs or customer lists rarely matches those patterns, so traditional DLP does not deliver a comprehensive solution for insider threats.
There is hope, though, in a new approach to solving the insider threat problem. It begins with a focus on the data. This is critical because the dynamics of corporate culture have changed over time. Today’s end users choose to work from their preferred location, collaborate with peers and work on their own devices. As a result, data lives everywhere.
Three Key Capabilities for Next-Gen Data Loss Prevention Solutions
In this new paradigm, insider threat solutions must cover all of the data, not just the regulated subset, to produce the insights needed for faster insider threat detection and response. This need has given rise to a new breed of next-generation data loss prevention solutions.
Let’s dive deeper into three capabilities that next-gen data loss prevention solutions need to adequately protect against insider threats.
1. Comprehensive Visibility
Data has evolved beyond the traditional computer and increasingly resides in cloud storage services like Google Drive, Microsoft OneDrive and Box. Unless technology solutions provide visibility to all data movements from endpoints to the cloud and offer accompanying alerts in real time, security teams will be flying blind to where all their data is and when and how it’s leaving or being exfiltrated from their organization.
Today’s data is increasingly portable, and it has to be. The modern worker must be able to share files and collaborate on them constantly with zero interruptions, and all of this relies on the cloud. This means the footprints of file transactions are spread across endpoints and cloud services and need to be monitored to protect the organization’s intellectual property.
2. Historical Context
Incident response mechanisms have a tendency to treat insider threats as point-in-time events that generally start on the day an alert is triggered. For example, when an employee quits and turns in their two-week notice, a security alert is triggered a week into this notice. While helpful, this does not add the necessary context about the employee’s actions before the resignation was actually submitted.
Organizations must account for user activity trends up to 90 days before employees signal their intent to leave. It is critical for data loss prevention solutions to retain file activity records, and the files themselves, for as long as needed to not only protect data, but also support HR, legal and compliance needs.
Incident response relies on investigations and piecing together insights from security analytics tools. Without proper historical context, the data needed for investigations is woefully incomplete and could yield inaccurate conclusions.
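The contrast between a point-in-time alert and a 90-day lookback is easier to see in code. The following is an added example written for this article, not a Code42 or IBM product feature: the event records, the destination classes treated as external, the 90-day and 30-day windows and the spike factor are all constructed assumptions. It baselines a user’s routine movement of data to external destinations in the earlier part of the window, then flags the days just before the resignation notice that exceed that baseline, and compares the result with what an alert raised a week into the notice period would have seen.

```python
"""Lookback correlation for a departing user's file activity (added example).

The records below are constructed to resemble what a file activity monitor
would emit: (user, day, destination class, bytes moved). They are not real logs.
"""
from collections import defaultdict
from datetime import date, timedelta
from statistics import median

# Constructed sample data. The user "jdoe" gives notice on 2020-04-01.
EVENTS = [
    ("jdoe", "2020-01-06", "corporate_share", 40_000_000),    # internal, ignored
    ("jdoe", "2020-01-13", "personal_cloud", 2_000_000),      # routine trickle
    ("jdoe", "2020-01-27", "personal_cloud", 3_000_000),
    ("jdoe", "2020-02-10", "personal_cloud", 1_500_000),
    ("jdoe", "2020-03-02", "personal_cloud", 2_500_000),
    ("jdoe", "2020-03-18", "personal_cloud", 1_800_000_000),  # bulk copy two weeks before notice
    ("jdoe", "2020-03-19", "usb", 900_000_000),
    ("jdoe", "2020-04-08", "personal_cloud", 50_000_000),     # the only event a notice-period alert sees
    ("asmith", "2020-03-18", "personal_cloud", 4_000_000),    # user with no prior external history
]

# Destination classes treated as leaving the organization's control (assumption).
EXTERNAL = {"personal_cloud", "usb", "personal_email"}


def daily_external_bytes(events, user, start, end):
    """Bytes per day that `user` moved to an EXTERNAL destination in [start, end)."""
    totals = defaultdict(int)
    for who, day_str, dest, size in events:
        day = date.fromisoformat(day_str)
        if who == user and dest in EXTERNAL and start <= day < end:
            totals[day] += size
    return totals


def point_in_time_bytes(events, user, alert_day):
    """What an alert raised on `alert_day` sees: external bytes from that day onward."""
    totals = daily_external_bytes(events, user, date.fromisoformat(alert_day), date.max)
    return sum(totals.values())


def lookback_report(events, user, notice_day, lookback_days=90, recent_days=30, spike_factor=5.0):
    """Compare the `recent_days` up to and including notice with the earlier baseline.

    Baseline window: [notice - lookback_days, notice - recent_days)
    Recent window:   [notice - recent_days, notice]
    A recent day is flagged when its external bytes exceed spike_factor times the
    baseline median. With no baseline at all the threshold is 0, so any external
    movement by a user who never moved data externally before is flagged.
    """
    notice = date.fromisoformat(notice_day)
    baseline_start = notice - timedelta(days=lookback_days)
    recent_start = notice - timedelta(days=recent_days)
    baseline = daily_external_bytes(events, user, baseline_start, recent_start)
    recent = daily_external_bytes(events, user, recent_start, notice + timedelta(days=1))
    baseline_median = int(median(baseline.values())) if baseline else 0
    threshold = int(spike_factor * baseline_median)
    flagged = sorted((day.isoformat(), size) for day, size in recent.items() if size > threshold)
    return {
        "user": user,
        "baseline_median_bytes": baseline_median,
        "threshold_bytes": threshold,
        "recent_external_bytes": sum(recent.values()),
        "flagged_days": flagged,
    }


if __name__ == "__main__":
    print(lookback_report(EVENTS, "jdoe", "2020-04-01"))
    print("seen by an alert a week into the notice period:",
          point_in_time_bytes(EVENTS, "jdoe", "2020-04-08"))
```

For the constructed data the notice-period alert accounts for 50 MB, while the lookback surfaces about 2.7 GB moved to a personal cloud account and a USB device in the two weeks before the resignation was submitted. The second user, with no prior external activity, is flagged on a single 4 MB transfer because there is no baseline to compare against; whether that is desirable depends on the organization, and it is the kind of tuning decision the retained history makes possible.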
3. File Recovery
The ability to retrieve files in seconds for content analysis and recovery is a key supporting act for incident response. Security and IT teams also rely on this capability to bounce back quickly from malicious or accidental data loss and to confirm exactly what left the organization. Note that a retained copy of a file is as sensitive as the original, so the retention store itself needs strict access control and audit logging.
Solving the Persistent Problem of Insider Threats
When data loss prevention solutions include these three capabilities, security teams can better manage their greatest insider threat challenges. These capabilities yield higher-fidelity alerts and fewer false positives, which are a huge waste of security’s time.
Today, insider threats represent an unsolved business problem. As more people job-hop, more data is at risk. The time is now for organizations to rethink their approach to data loss prevention.
Senior Product Marketing Manager, Code42