September 18, 2019 By Abhik Mitra 3 min read

Face it, insider threats happen. And odds are you are suffering a data loss, leak or theft even as you read this article. That’s a scary thought.

Unfortunately, insider threats are so common that organizations deal every day with data loss events when employees quit, mergers and acquisitions (M&As) are executed, realignments or reductions in force occur, and users work on highly sensitive projects. For many organizations, insider threats are an unsolved problem.

In spite of companies experimenting with traditional data loss prevention (DLP) solutions to stem data loss, DLP simply wasn’t designed to manage insider threats. Its original objective was to prevent the exfiltration of regulated data to meet compliance requirements. Traditional DLP just doesn’t deliver a comprehensive solution for insider threats.

There is hope, though, in a new approach to solving the insider threat problem. It begins with a focus on the data. This is critical because the dynamics of corporate culture have changed over time. Today’s end users choose to work from their preferred location, collaborate with peers and work on their own devices. As a result, data lives everywhere.

Three Key Capabilities for Next-Gen Data Loss Prevention Solutions

In this new paradigm, insider threat solutions must be focused on all of the data to provide valuable insights that are ultimately required for faster insider threat detection and response. This has now given birth to a new breed of next-generation data loss prevention solutions.

Let’s dive deeper into three capabilities that next-gen data loss prevention solutions need to adequately protect against insider threats.

1. Comprehensive Visibility

Data has evolved beyond the traditional computer and increasingly resides in cloud storage services like Google Drive, Microsoft OneDrive and Box. Unless technology solutions provide visibility into all data movements from endpoints to the cloud and offer accompanying alerts in real time, security teams will be flying blind as to where their data is, and when and how it is leaving or being exfiltrated from their organization.

Today’s data is increasingly portable — it has to be. The modern worker must be able to share files and collaborate constantly with zero interruptions. All of this, of course, relies on the cloud. This means footprints of file transactions are all over the place and need to be monitored to protect the organization’s intellectual property.

2. Historical Context

Incident response mechanisms have a tendency to treat insider threats as point-in-time events that generally start on the day an alert is triggered. For example, an employee quits and turns in their two-week notice, and a security alert is triggered a week into that notice period. While helpful, the alert does not add the necessary context about the employee’s actions before the resignation was actually submitted.

Organizations must account for user activity trends up to 90 days before employees signal their intent to leave. It is critical for data loss prevention solutions to keep files for as long as needed to not only protect data, but also support HR, legal and compliance needs.

Incident response relies on investigations and piecing together insights from security analytics tools. Without proper historical context, the data needed for investigations is woefully incomplete and could yield inaccurate conclusions.
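The gap between a point-in-time review and a 90-day lookback can be shown on a small event set. This is an added example, not code from the article or from any product it mentions; the users, files, dates and the function name `investigation_scope` are constructed for illustration.

```python
from datetime import date, timedelta

# Constructed sample file-movement events (not real telemetry):
# (day, user, destination, file, size_mb)
EVENTS = [
    (date(2019, 4, 2), "jdoe", "usb", "roadmap.pptx", 12),
    (date(2019, 6, 20), "jdoe", "personal-cloud", "customer_list.xlsx", 4),
    (date(2019, 7, 30), "jdoe", "personal-cloud", "source_archive.zip", 850),
    (date(2019, 8, 14), "jdoe", "usb", "pricing_model.xlsx", 3),
    (date(2019, 8, 27), "jdoe", "webmail", "resume.docx", 1),
    (date(2019, 8, 1), "asmith", "personal-cloud", "notes.txt", 1),
]

NOTICE_DAY = date(2019, 8, 19)   # constructed: resignation submitted
ALERT_DAY = date(2019, 8, 26)    # constructed: alert fires a week into notice


def investigation_scope(events, user, notice_day, alert_day, lookback_days=90):
    """Compare what a point-in-time review sees with a lookback review."""
    lookback_start = notice_day - timedelta(days=lookback_days)
    mine = sorted(e for e in events if e[1] == user)
    point_in_time = [e for e in mine if e[0] >= alert_day]
    with_history = [e for e in mine if e[0] >= lookback_start]
    # Activity inside the lookback window that predates the alert
    missed = [e for e in with_history if e[0] < alert_day]
    # Activity older than the window: only available if retention is longer
    older = [e for e in mine if e[0] < lookback_start]
    return {
        "lookback_start": lookback_start,
        "point_in_time": point_in_time,
        "with_history": with_history,
        "missed_by_point_in_time": missed,
        "missed_mb": sum(e[4] for e in missed),
        "older_than_window": older,
    }


if __name__ == "__main__":
    scope = investigation_scope(EVENTS, "jdoe", NOTICE_DAY, ALERT_DAY)
    print("lookback starts:", scope["lookback_start"])
    for day, _, dest, name, mb in scope["missed_by_point_in_time"]:
        print(f"  before alert: {day} {dest:15} {name} ({mb} MB)")
    print("MB moved before the alert:", scope["missed_mb"])
```

The `older_than_window` list shows why the retention period matters: events before the lookback start are only reviewable if the underlying records were kept that long.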

3. File Recovery

The ability to retrieve files in seconds for content analysis and recovery is a key supporting act for incident response. Security and IT teams also rely on this capability to quickly bounce back from malicious or accidental data loss scenarios. They can rest assured that their intellectual property is secure.

Solving the Persistent Problem of Insider Threats

When data loss prevention solutions include these three capabilities, security teams can better manage their greatest insider threat challenges. These capabilities will yield truer data and help eliminate false positives, which are a huge waste of security’s time.

Today, insider threats represent an unsolved business problem. As more people job-hop, more data is at risk. The time is now for organizations to rethink their approach to data loss prevention.
