Quick Hits: Preventing Insider Threats in Your Business

According to the 2020 Cost of Insider Threats Global Report, the cost of an insider threat in 2020 averages around $11.45 million. What can your enterprise do to begin preventing insider threats?

First, your enterprise needs to embrace strong security awareness training. Employees create workarounds and make cybersecurity mistakes partly out of ignorance and partly because they feel rushed; the culture emphasizes speed rather than security. Engaging in security awareness training (making it a regular occurrence, rewarding actions that value security, etc.) shifts the culture toward cybersecurity.

Ultimately, education can protect your bottom line.

Second, you need a strong SIEM tool with user and entity behavioral analysis (UEBA) capabilities. UEBA establishes baseline behaviors for all users, whether human or not. It observes how each user goes about workflows and handles data and, once a baseline exists, monitors their activity for deviations from it.

An insider threat, especially a malicious one, by definition does not behave as they normally would. Instead, they make mistakes or act suspiciously as they move against their primary target. With UEBA, you can catch these actions before they become full-blown breaches. Rather than getting caught on the back foot, you can begin incident response immediately or as quickly as possible.

Third, SIEM provides log management. This capability helps uncover seemingly disconnected security events from across the network and correlate them. While perhaps not as direct as UEBA in terms of insider threat detection, it can help you prevent insider threats as well. It can find data moving in suspicious ways, identify who is moving that data, and prompt investigations through alerts.
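The baseline-then-deviation idea behind UEBA, applied to transfer logs to show who is moving data unusually, as an added example that is not from the original article or any SIEM product. The account names, destinations, log layout, threshold and the median/MAD scoring method are all assumptions chosen for illustration.

```python
from collections import defaultdict
from statistics import median

# Constructed sample log records: (day, user, destination, megabytes moved).
# "svc-backup" is a non-human account, baselined like any other user.
HISTORY = [(d, "alice", "fileserver", mb)
           for d, mb in enumerate([110, 130, 100, 140, 120], 1)]
HISTORY += [(d, "svc-backup", "backup01", mb)
            for d, mb in enumerate([5000, 5200, 4900, 5100, 5050], 1)]
TODAY = [(6, "alice", "fileserver", 115), (6, "alice", "ext-share", 4000),
         (6, "svc-backup", "backup01", 5150)]

def summarize(events):
    """Sum megabytes per (user, day) and collect destinations per user."""
    totals, dests = defaultdict(int), defaultdict(set)
    for day, user, dest, mb in events:
        totals[(user, day)] += mb
        dests[user].add(dest)
    return totals, dests

def build_baseline(events):
    """Per-user baseline: median daily volume, MAD spread, known destinations."""
    totals, dests = summarize(events)
    volumes = defaultdict(list)
    for (user, _day), mb in totals.items():
        volumes[user].append(mb)
    baseline = {}
    for user, vols in volumes.items():
        med = median(vols)
        mad = median(abs(v - med) for v in vols) or 1.0  # guard against zero spread
        baseline[user] = {"median": med, "mad": mad, "dests": dests[user]}
    return baseline

def find_deviations(baseline, day_events, threshold=5.0):
    """Return {user: [reasons]} for one day's activity that departs from baseline."""
    totals, dests = summarize(day_events)
    alerts = defaultdict(list)
    for (user, _day), mb in totals.items():
        known = baseline.get(user)
        if known is None:
            alerts[user].append("no baseline for this account")
            continue
        # Robust z-score: distance from the median in MAD-based deviations.
        score = (mb - known["median"]) / (1.4826 * known["mad"])
        if score > threshold:
            alerts[user].append(f"volume {mb} MB vs median {known['median']} MB")
        for dest in sorted(dests[user] - known["dests"]):
            alerts[user].append(f"new destination {dest}")
    return dict(alerts)
```

Calling `find_deviations(build_baseline(HISTORY), TODAY)` flags only `alice`, for both the volume spike and the unfamiliar destination; the high-volume backup account stays quiet because it is judged against its own baseline rather than a global limit.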

Preventing insider threats can seem like a daunting prospect, especially for larger enterprises. You can learn how to get started with our SIEM Buyer’s Guide; we cover the top providers and capabilities in detail.

 

Ben Canner

Ben Canner is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large. He holds a Bachelor of Arts Degree in English from Clark University in Worcester, MA. He previously worked as a corporate blogger and ghost writer. You can reach him via Twitter and LinkedIn.