A new whitepaper just released by Intel will offer you some good guidance on how to deal with the insider threat. Insiders are responsible for almost as many losses, breaches, and thefts of sensitive and confidential data as cybercriminals. According to a recent Intel® Security data exfiltration study, more than 40% of data loss is caused by insiders, roughly half intentional and half accidental.
The latest insider thefts have even prompted the US Department of Defense to require affiliated companies to have a program that can “Gather, integrate, and report relevant and available information indicative of a potential or actual insider threat.”1 Whether you do business with the defense industry or not, tackling insider threats is not only a critical challenge to address, but it’s also a team effort, necessitating work in data classification, policy development, and incident response, backed by a strong set of data loss prevention tools.
The document peels back the issue into bite size valuable pieces. Topics include:
- Building a Defensive Formation
- Focus on the Data
- Coaching a Security Culture
- Zone and Player Coverage
- Profiling the Players
- Building the Defensive Playbook
Finally, the human element is a fundamental part of insider theft that should be at the forefront of your planning. Social engineering and credential theft are much easier for internals than externals, so additional precautions and visible checks and balances are necessary to protect your most sensitive data. For example, multi-person controls make it much more difficult for a lone insider to access and exfiltrate restricted data. Or the simple mechanism of copying the manager as well as the user when a policy violation is detected.
You can’t totally eliminate the threat….but there is a lot you can do to improve your posture.