September 18, 2019 By Abhik Mitra 3 min read

Face it, insider threats happen. And odds are you are suffering a data loss, leak or theft even as you read this article. That’s a scary thought.

Unfortunately, insider threats are so common that organizations deal every day with data loss events when employees quit, mergers and acquisitions (M&As) are executed, realignments or reductions in force occur, and users work on highly sensitive projects. For many organizations, insider threats are an unsolved problem.

In spite of companies experimenting with traditional data loss prevention (DLP) solutions to stem data loss, DLP simply wasn’t designed to manage insider threats. Its original objective was to prevent the exfiltration of regulated data to meet compliance requirements. Traditional DLP just doesn’t deliver a comprehensive solution for insider threats.

There is hope, though, in a new approach to solving the insider threat problem. It begins with a focus on the data. This is critical because the dynamics of corporate culture have changed over time. Today’s end users choose to work from their preferred location, collaborate with peers and work on their own devices. As a result, data lives everywhere.

Three Key Capabilities for Next-Gen Data Loss Prevention Solutions

In this new paradigm, insider threat solutions must be focused on all of the data to provide valuable insights that are ultimately required for faster insider threat detection and response. This has now given birth to a new breed of next-generation data loss prevention solutions.

Let’s dive deeper into three capabilities that next-gen data loss prevention solutions need to adequately protect against insider threats.

1. Comprehensive Visibility

Data has evolved beyond the traditional computer and increasingly resides in cloud storage services like Google Drive, Microsoft OneDrive and Box. Unless technology solutions provide visibility to all data movements from endpoints to the cloud and offer accompanying alerts in real time, security teams will be flying blind to where all their data is and when and how it’s leaving or being exfiltrated from their organization.

Today’s data is increasingly portable — it has to be. The modern worker must be able to share and collaborate files constantly with zero interruptions. All of this, of course, relies on the cloud. This means footprints of file transactions are all over the place and need to be monitored to protect the organization’s intellectual property.

2. Historical Context

Incident response mechanisms have a tendency to treat insider threats as point-in-time events that generally start on the day an alert is triggered. For example, when an employee quits and turns in their two-week notice, a security alert is triggered a week into this notice. While helpful, this does not add the necessary context about the employee’s actions before the resignation was actually submitted.

Organizations must account for user activity trends up to 90 days before employees signal their intent to leave. It is critical for data loss prevention solutions to keep files for as long as needed to not only protect data, but also support HR, legal and compliance needs.

Incident response relies on investigations and piecing together insights from security analytics tools. Without proper historical context, the data needed for investigations is woefully incomplete and could yield inaccurate conclusions.

3. File Recovery

The ability to retrieve files in seconds for content analysis and recovery is a key supporting act for incident response. Security and IT teams also rely on this capability to quickly bounce back from malicious or accidental data loss scenarios. They can rest assured that their intellectual property is secure.

Solving the Persistent Problem of Insider Threats

When data loss prevention solutions include these three capabilities, security teams can better manage their greatest insider threat challenges. These capabilities will yield truer data and help eliminate false positives, which are a huge waste of security’s time.

Today, insider threats represent an unsolved business problem. As more people job-hop, more data is at risk. The time is now for organizations to rethink their approach to data loss prevention.

Learn more about the IBM Security SOAR

More from CISO

Making smart cybersecurity spending decisions in 2025

4 min read - December is a month of numbers, from holiday countdowns to RSVPs for parties. But for business leaders, the most important numbers this month are the budget numbers for 2025. With cybersecurity a top focus for many businesses in 2025, it is likely to be a top-line item on many budgets heading into the New Year.Gartner expects that cybersecurity spending is expected to increase 15% in 2025, from $183.9 billion to $212 billion. Security services lead the way for the segment…

On holiday: Most important policies for reduced staff

4 min read - On Christmas Eve, 2023, the Ohio State Lottery had to shut down some of its systems because of a cyberattack. Around the same time, the Dark Web had a “Leaksmas” event, where cyber criminals shared stolen information for free as a holiday gift. In fact, the month of December 2023 saw more than 2 billion records breached and 1,351 disclosed security incidents, according to research from IT Governance — an increase of 332% and 187%, respectively, over the month of…

Overheard at RSA Conference 2024: Top trends cybersecurity experts are talking about

4 min read - At a brunch roundtable, one of the many informal events held during the RSA Conference 2024 (RSAC), the conversation turned to the most popular trends and themes at this year’s events. There was no disagreement in what people presenting sessions or companies on the Expo show floor were talking about: RSAC 2024 is all about artificial intelligence (or as one CISO said, “It’s not RSAC; it’s RSAI”). The chatter around AI shouldn’t have been a surprise to anyone who attended…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today