Security Tools Essential to Stop Insider Threats

Posted October 18, 2022

According to the 2022 State of Remote Work Survey published by Pulse, 47% of respondents would prefer a mostly or completely remote work arrangement for their team. The results from the Pulse survey shouldn’t be surprising, we’ve seen the shift to remote work progress rapidly for over two years now. And now it seems some form of remote work is here to stay for nearly every office environment. According to Pulse, only 8% of remote employees are willing to return full-time to work after the pandemic. While 48% of workers want to work from home permanently, and the remaining 44% want to work from home for part of the week.

Insider threats to security are not a new concern, but the challenges insider threats present have been magnified through the dramatic shift to remote work. Along with the “work from anywhere” movement, another major shift is underway which is fueling the insider threat to security. At the same time as we accept the reality of increasing remote work, organizations are growing increasingly reliant on the digital transformation. According to Statista, the amount of data captured, copied, and consumed is expected to grow to more than 180 zettabytes through 2025. If a zettabyte is hard to grasp, the parabolic trend in the below graph should simplify comprehension of the digital storage growth we are witnessing. In the next three years, our total data and information stored will double.

This confluence of remote access to information that enables work from anywhere and the digitization of everything has elevated the risk presented by insider threats. Malicious attacks or even inadvertent leaks can hit at any time and from any location and now they potentially have access to far more information.

In a new survey published by Microsoft on Building a Holistic Insider Risk Management Program, two-thirds of respondents stated that “Data theft or data destruction from departing employees is a form of insider risk that is becoming more commonplace.”

According to Verizon’s DBIR, financial gain represents the largest motivator for intentional insider attacks; however, according to Microsoft, the greatest impact witnessed by the victim organization from the attacks is the loss of data. To the victim organization, the data lost represents the largest impact on business even though the average single-event incident cost exceeded $500,000.

So we know the world is becoming exponentially more digital, remote work is likely here to stay in one form or another and this creates an opportunity for increasing insider attacks. How do we mitigate the likelihood of these attacks? Fortunately, beyond corporate buy-in and continued employee education around insider threats, many of the security tools essential to general IT security are also key components in defending against insider threats.

Extended Detection and Response (XDR)
Network Detection and Response (NDR)
Privileged Access Management (PAM)
User Activity Monitoring (UAM)
Incident Threat Management (ITM)
Endpoint Detection and Response (EDR)
Security and Information Event Management (SIEM)
User and Entity Behavioral Analysis (UBA/UEBA)

Detecting insider attacks remains a challenge for security teams as insiders often know exactly how to elude security. Combining increased usage of the above tools based on risk factors and triggering events can lead to earlier detection. Triggering events can mean identifying when specific users take specific actions, for instance when an organizational leader accesses, downloads, or exfiltrates particularly sensitive files, such as confidential IP or revenue forecasts. Risk factors that may also lead to increased tool utilization include:

Usage of devices owned or managed by the company
Seniority in the org chart
Having completed specific training
Resignation notice
Access rights to high-risk data
High-risk job roles
Current/prior threatening behavior
New hire probationary period
Duration of involvement in high-risk projects

Of course, no tools or risk factors can match the impact of creating and reinforcing a positive work environment where disgruntled and angry employees are the exception. Fostering an environment that builds a mutually beneficial team environment between leadership, employees, and the corporate mission is essential to reducing attacks. However, no organization is perfect and all attack motivations can’t be eliminated. This is why establishing the proper tools, policies, and protocols to mitigate risks and detect threats is essential to any insider risk management program. Contact us to ensure your data is safe.

Kyle Vinar

Kyle Vinar is Partner / President of Verus Corporation. He oversees all business operations and coaches Verus teams to continually improve on their solutions from client experience to product development and overall solution implementation. He works with all Verus resources to increase efficiencies and excellence in every aspect of their organizational roles. Kyle believes that people are the last real competitive edge that a company can have and constructing a rich culture is a vital step in running a world-class organization. Therefore he strives to create a culture within Verus that allows everyone to show up authentically and grow both personally and professionally, which in turn allows Verus Corp team members to provide clients with top-of-the-line service. Kyle helps balance strategy, capacity, and culture in such a way that has allowed Verus Corp to achieve exponential growth since he joined the company in 2013. One of Kyle’s greatest professional achievements has been in helping lay the foundation upon which Verus Corporation could be named the 2nd Best Place to Work by the Minneapolis/St. Paul Business Journal. Kyle holds a Bachelor of Science in Marketing from St. Cloud State University. He lives in Champlin with his wife and 3 children. He has enjoyed volunteering as a soccer coach for over 6 years and was the former Director of Coaching for Rebels Soccer Club. If Kyle isn’t on the sidelines of one of his children’s soccer games or in the audience of his eldest’s musicals, he can often be found cruising scenic routes on his Harley, in a deer stand, or on the golf course.