It’s not the gentlest wake-up you’ve ever experienced. The sergeant’s muffled shouting, the siren’s wailing. You grab your pants and shove your legs into them, before sprinting out the door. This is it. In the hallway, people are leaping in and out of doors, arms flailing. Everything’s flashing red.
Someone next to you starts barging against the exit door, so you join in. Nobody knows today’s access codes yet apparently. “1, 2, 3!” After four barges, you’re through. Bleeding, but through. You sprint out into the sun, and as you turn to look back, thousands more stream after you — each from different corners of the building.
You leap into the nearest bunker and grab a window seat — not that this is going to be picturesque. And that’s when you see it, soaring through the air. Why can’t you hear anything? The missile looks much thinner than it did on the training videos. Must be some new technology.
You pin yourself to the floor, and wait for impact. Then you wait some more. Then a bit more. Minutes go by before you peer over the top and… the missile is limp on the ground. What’s happening? Did it just…bounce off?
That’s when you hear the shout: “False alarm, everyone — it’s just another javelin.”
Another javelin. Another victory for whoever decided to place the athletics center next to a military base with an outdated radar. Tens of injuries, everyone’s time wasted, and at least one broken door — all for nothing.
Sounds ridiculous, right? But this is exactly how many businesses deal with insider risks. Ad hoc solutions often lack the ability to differentiate between levels of risk, which means they bombard users with alerts and system logs that can be almost impossible to keep up with. Heavy-handed systems over-react — blocking employees from downloading or sharing vital data — even when they don’t represent a risk.
Spread across an entire business, this practice undermines productivity and makes it difficult to innovate faster than your competitors. And the opposite problem also occurs. When 90% of the alerts can immediately be dismissed as harmless, it’s natural for admins to stop taking any notification they receive seriously.
This is often when disaster strikes, as one real threat is buried underneath the avalanche of normal, yet flagged, behavior. In effect, your organization can’t differentiate between javelin throwers and rocket launchers — so it treats them all in the same way: either with too much caution, or not enough.
Insider Risk solutions of the future don’t see an obsolete, radar-style blip on a screen — they see a full color, ultra-HD picture that allows them to differentiate between levels of risk. That means they only send users a notification when they really have to. So when your security team sees an alert, they know it’s worth paying attention to. And employees are free to download and share data, as long as they’re not violating any agreed security conditions.
Coincidentally, Code42 happens to have created one such internal risk solution. And while it belongs in the future, it’s available in the present. Incydr employs a series of risk indicators, including job roles and imminent departure dates, to identify data that’s at a higher risk of exposure or exfiltration.
That way, you can always differentiate between missiles and javelins—helping you to protect your data from risks, while protecting your productivity levels against overzealous security.
For more information on how Code42 can help you manage Insider Risk, learn more about Incydr today.