September 18, 2019 By Abhik Mitra 3 min read

Face it, insider threats happen. And the odds are that your organization is losing, leaking or having data stolen even as you read this article. That’s a scary thought.

Unfortunately, insider threats are so common that organizations deal every day with data loss events when employees quit, mergers and acquisitions (M&As) are executed, realignments or reductions in force occur, and users work on highly sensitive projects. For many organizations, insider threats are an unsolved problem.

Companies have tried to stem this loss with traditional data loss prevention (DLP) tools, but DLP simply wasn’t designed to manage insider threats. Its original objective was to stop regulated data (payment card numbers, health records and the like) from leaving the organization so that compliance requirements were met, and it does that by matching content against known patterns. Intellectual property such as source code, customer lists and product plans rarely matches such a pattern, so traditional DLP does not deliver a comprehensive answer to insider threats.

There is hope, though, in a new approach to solving the insider threat problem. It begins with a focus on the data. This is critical because the dynamics of corporate culture have changed over time. Today’s end users choose to work from their preferred location, collaborate with peers and work on their own devices. As a result, data lives everywhere.

Three Key Capabilities for Next-Gen Data Loss Prevention Solutions

In this new paradigm, insider threat solutions must watch all of the data, not just the regulated subset, to produce the insights that faster insider threat detection and response depend on. That requirement has given rise to a new breed of next-generation data loss prevention solutions.

Let’s dive deeper into three capabilities that next-gen data loss prevention solutions need to adequately protect against insider threats.

1. Comprehensive Visibility

Data has moved beyond the traditional computer and increasingly resides in cloud storage services like Google Drive, Microsoft OneDrive and Box. A file typically leaves through the endpoint, whether via a sync client, a browser upload or removable media, so that is where its movement has to be observed. Unless a solution provides visibility into all data movements from endpoints to the cloud, with alerts in real time, security teams are flying blind: they do not know where their data is, or when and how it is leaving the organization.

Today’s data is increasingly portable, and it has to be. The modern worker must be able to share files and collaborate on them constantly, with zero interruptions, and all of that relies on the cloud. The footprint of file transactions is therefore spread across endpoints and services, and it needs to be monitored to protect the organization’s intellectual property.

2. Historical Context

Incident response mechanisms tend to treat insider threats as point-in-time events that start on the day an alert is triggered. For example, an employee turns in their two-week notice, and a week into that notice a security alert fires. The alert is helpful, but the investigation it starts looks forward from the notice date and carries no context about what the employee did with data before the resignation was actually submitted, which is precisely the period in which departing employees tend to take data with them.

Organizations must account for user activity trends up to 90 days before employees signal their intent to leave. It is critical for data loss prevention solutions to retain file activity history, and the files themselves, for as long as needed, not only to protect data but also to support HR, legal and compliance needs.

Incident response relies on investigations that piece together insights from security analytics tools. Without that historical context, the data available to an investigation is woefully incomplete and can lead to inaccurate conclusions.
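The difference between a point-in-time review and a 90-day lookback is easiest to see on actual file-movement data, so here is an added example (not code from the original article or from any product it describes) that covers both the visibility and the historical-context sections above. It assumes a flat endpoint event schema (user, date, action, destination, file), a fixed list of unsanctioned destinations (removable media and personal cloud drives), and a simple median-based spike rule; the events themselves are constructed for the example.

```python
"""Lookback investigation over endpoint file-activity events (added example).

Assumptions (not from the original article): a flat event schema with
user, date, action, dest and file fields; a fixed set of unsanctioned
destinations; and a median-based weekly spike rule. Sample data is constructed.
"""
from collections import Counter
from datetime import date, timedelta
from statistics import median

# Destinations treated as "external" for this example (assumption): anywhere a
# file can go that the organization neither controls nor can audit.
EXTERNAL = {"usb", "gdrive:personal", "box:personal"}

NOTICE_DATE = date(2019, 9, 2)   # Monday the user hands in notice (constructed)
ALERT_DATE = date(2019, 9, 9)    # a week later an alert fires (constructed)


def _build_sample_events():
    """Constructed activity for one departing user plus a bystander."""
    ev, u = [], "jdoe"
    monday = date(2019, 6, 3)
    # Eleven routine weeks (Jun 3 - Aug 18): daily sync to the corporate tenant
    # and two removable-media copies a week. This is the user's normal baseline.
    for i in range(11):
        w = monday + timedelta(days=7 * i)
        for d in range(5):
            ev.append(dict(user=u, date=w + timedelta(days=d), action="sync",
                           dest="onedrive:corp", file=f"report_{i}_{d}.docx"))
        ev.append(dict(user=u, date=w, action="copy", dest="usb", file=f"deck_{i}.pptx"))
        ev.append(dict(user=u, date=w + timedelta(days=2), action="copy", dest="usb",
                       file=f"notes_{i}.txt"))
    # Two weeks before notice: bulk upload to a personal Google Drive, then a
    # bulk copy to USB. A review that starts at the notice date never sees this.
    for n in range(14):
        ev.append(dict(user=u, date=date(2019, 8, 19) + timedelta(days=n % 5),
                       action="upload", dest="gdrive:personal",
                       file=f"customer_list_{n}.xlsx"))
    for n in range(11):
        ev.append(dict(user=u, date=date(2019, 8, 26) + timedelta(days=n % 5),
                       action="copy", dest="usb", file=f"roadmap_{n}.pdf"))
    # After notice the user is quiet: one copy, then two.
    for d in (date(2019, 9, 3), date(2019, 9, 10), date(2019, 9, 11)):
        ev.append(dict(user=u, date=d, action="copy", dest="usb", file="expenses.xlsx"))
    # Another user's single personal-drive upload must not count against jdoe.
    ev.append(dict(user="asmith", date=date(2019, 8, 20), action="upload",
                   dest="gdrive:personal", file="holiday.pdf"))
    return ev


EVENTS = _build_sample_events()


def week_start(d):
    """Monday of the ISO week containing d."""
    return d - timedelta(days=d.weekday())


def external_moves_by_week(events, user, start, end):
    """Count one user's file moves to EXTERNAL destinations per week in [start, end)."""
    counts = Counter()
    for e in events:
        if e["user"] == user and start <= e["date"] < end and e["dest"] in EXTERNAL:
            counts[week_start(e["date"])] += 1
    return counts


def weekly_series(counts, start, end):
    """Dense [(week_start, count), ...] covering [start, end), zero for quiet weeks."""
    series, w = [], week_start(start)
    while w < end:
        series.append((w, counts.get(w, 0)))
        w += timedelta(days=7)
    return series


def flag_spikes(series, factor=3, min_events=5):
    """Weeks whose count exceeds factor * median of the window (and min_events).

    The median is robust to a couple of spike weeks, so a 90-day window of
    routine activity sets the baseline even with the spike inside it.
    """
    if not series:
        return []
    threshold = max(min_events, factor * median(c for _, c in series))
    return [w for w, c in series if c > threshold]


def investigate(events, user, notice_date, alert_date, lookback_days=90):
    """Compare a point-in-time review (from notice) with a lookback window."""
    end = alert_date + timedelta(days=7)  # include the alert week itself
    pit = weekly_series(external_moves_by_week(events, user, notice_date, end),
                        notice_date, end)
    lb_start = notice_date - timedelta(days=lookback_days)
    lb = weekly_series(external_moves_by_week(events, user, lb_start, end),
                       lb_start, end)
    return {"point_in_time": flag_spikes(pit), "lookback": flag_spikes(lb),
            "lookback_series": lb}


if __name__ == "__main__":
    r = investigate(EVENTS, "jdoe", NOTICE_DATE, ALERT_DATE)
    print("point-in-time flagged weeks:", [w.isoformat() for w in r["point_in_time"]])
    print("90-day lookback flagged weeks:", [w.isoformat() for w in r["lookback"]])
```

Run as a script, the point-in-time review flags nothing, because the two weeks of activity it can see are quiet, while the 90-day lookback flags the weeks of 19 and 26 August, when the personal-drive uploads and USB copies happened. The median-based threshold is deliberately crude; the point is that no threshold at all can recover activity the retention window has already dropped.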

3. File Recovery

The ability to retrieve files in seconds for content analysis and recovery is a key supporting capability for incident response. Security and IT teams also rely on it to bounce back quickly from malicious or accidental data loss, whether a departing employee wiped a project folder or a user overwrote the wrong version. One caveat: recovery restores the organization’s copy, it does not undo a disclosure. What a retained copy does give legal and HR is an exact record of which content left, which is why file recovery and historical context belong together.

Solving the Persistent Problem of Insider Threats

When data loss prevention solutions include these three capabilities, security teams can better manage their greatest insider threat challenges. Seeing every file movement, together with its history, yields truer data and cuts down on false positives, which are a huge waste of security’s time.

Today, insider threats represent an unsolved business problem. As more people job-hop, more data is at risk. The time is now for organizations to rethink their approach to data loss prevention.
