According to an IBM 2016 report, insiders are liable for 60 percent of all data breaches. From which 75 percent was done with unpleasant objectives and 25 percent were unintentional. Moreover, the Verizon’s 2017 survey puts the number of insider-led data breaches even higher, at 77 percent and states that the cost of insider breach remediation possibly will reach $500,000 in coming years.
The growing number of cyber incidents and insider involvement has raises a red flag for many organizations, having large number of employees without automated processes to control and track employee activities.
Here are some basic prevention techniques to eliminate the insider threat to some extent:
Automate the Process of Wiping Devices:
Windows Active Directory service is mostly used for the centralized management of user account and when an employee departs from the organization, the HR department deactivates that employee’s AD record. In the ideal case, the deactivation should serve as a trigger to automatically wipe the data off the exiting employee’s devices. But, due to various complexities and lack of resources, this process is carried out manually.
By synchronizing the security tools and other identity management tools with the Active Directory to trigger automatic data wipes can help prevent departing users from continuing to access company data, especially on cloud services that don’t require users to log out periodically.
Get HR, Legal, Security and Business Management to Work Together:
In most of the organizations where processes are highly supervised and monitored by the administrators and security staff, the employee collaborates with top level management and within each other to identify an insider threat and suspicious employee. It is good practice to work as a team, rather than working separately in the same corporate environment.
Enhanced collaboration can help in monitoring and deployment of the company’s policies to the end user/ employee. Moreover, it’s the first step towards knowing your users and what they are doing? Knowing your users and what access they should have is one of the biggest steps you can take to protect yourself.
Don’t Just Focus on Work, Try to Identify Employee’s need:
For organizations, investing more in IT equipments and security solution is not enough to prevent an insider threat, the more you understand your employee’s need can have a great impact. “Don’t forget that there’s a person involved in every data breach, and understanding what they did before and after that breach is important, so you can be predictive and proactive instead of just being reactive”, says Mike McKee, CEO of ObserveIT, an insider threat monitoring and analytics software provider.
It’s essential to work as a team to identify insider threat rather than deploying advanced security layers and neglecting employees itself. No organization can solely rely on automated software or security layers. To prevent an insider threat, it is necessary to work with employees to identify the threat and prevent the associated risk.