By now, you know the drill. The global pandemic and subsequent recession has radically changed how organizations mitigate security risk. And, of course, you’ve been invited to numerous webinars about this very topic.
Here at Code42, we wanted to make sure our customers got something different to think about. Rob Juncker, CTO of Code42, recently hosted “Pandemic Fallout Creates Perfect Conditions for Insider Threat” with Chase Cunningham, vice president and principal analyst at Forrester. Here is what you may have missed.
To kick off the presentation, Rob focused on the need to better understand the risk vectors associated with insider threat at a time when 100 percent of employees are remote. Collaborative enterprises (and I can only assume that means everyone these days) need a better way to manage insider risk through a Zero Trust approach.
Chase Cunningham, known as Dr. Zero Trust in some circles, didn’t waste any time in cutting to the, well, chase. After citing a few recent examples of insider threat incidents, he asserted that “almost half of insider threats are malicious” and kicked off a lively philosophical debate about whether organizations should monitor users. At a time when insider threat is growing 40% year over year, Chase questions why this is even a debate anymore. Organizations need to take insider threats seriously, and that includes analyzing user behavior over time.
But what does this mean? How can an organization monitor user behavior in a moral, ethical way that mitigates insider threat risk?
Here are my five takeaways:
1. “Mind the Gap” between a collaboration culture and blocking
There is a clear gap between what the business is driving and how security manages data risk. To date, this hasn’t exactly worked out as solutions such as Data Loss Prevention (DLP) block users, essentially impeding collaboration and productivity. The challenge is how to bridge the gap between what the business needs while keeping corporate data safe.
2. Insider threat is growing 40%. Why the debate?
Organizations continue to ask themselves if monitoring employees is the right thing to do. The data shows that the risk is real, but organizations need to hold themselves accountable for the data being collected and how transparent they are with employees about the process.
3. Insider threat remains unsolved
DLP and User and Entity Behavior Analytics (UEBA) had promise, but, if the pandemic has exposed anything, it is how restrictive and outdated these solutions really are. The rule book that was once written based on the premise that employees were on a corporate network or VPN may as well be tossed. Insider threat is very likely only going to get worse as users, devices, applications and other entities are increasingly distributed.
4. Almost half of insider incidents are malicious
We like to think that most instances of insider threat are non-malicious in nature. This is a timely reminder that while no one joins an organization with the intent to wreak havoc, political dynamics and loyalty can change over time, leading to dubious decision making. Tracking changing behaviors is critical, as is being able to identify the associated risk triggers.
5. Data telemetry is important to Zero Trust
Data is at the heart of a successful Zero Trust approach. For example, Code42 applies user, file and vector signals to detect and prioritize insider risk response. All of this involves the collection of file data and metadata that plays a valuable role in framing up a Zero Trust strategy.
I get it. You’re inundated with webinars about how to secure your organization in the Age of Covid. Just consider the impact that distributed entities have on insider threat detection and remediation. Check out the full webinar here.