According to the 2020 Cost of Insider Threats Global Report, the cost of an insider threat in 2020 totals around $11.45 million on average. What can your enterprise do to begin preventing insider threats?
First, your enterprise needs to embrace strong security awareness training. Employees create workarounds and make cybersecurity mistakes in part because of ignorance and in part due to feeling rushed; the culture emphasizes speed rather than security. Engaging in security awareness training (making it a regular occurrence, rewarding actions that value security, etc.) shifts the culture to cybersecurity.
Ultimately, education can protect your bottom line.
Second, you need a strong SIEM tool with user and entity behavioral analysis (UEBA) capabilities. UEBA establishes baseline behaviors for all users, whether human or not. It observes how each user goes about workflows and handles data, and after a certain point, monitors them to match those baselines.
An insider threat, especially a malicious one, by definition does not act like they would normally. Instead, they make mistakes or they act suspiciously as they move against their primary target. With UEBA, you can catch these actions before they become full-blown breaches. Rather than getting caught on the back foot, you can begin incident response immediately or as quickly as possible.
Third, SIEM provides log management. This tool helps uncover seemingly disconnected security events from across the network and correlate them. While perhaps not as direct as UEBA in terms of insider threat detection, it can help you in preventing insider threats as well. It can find data moving in suspicious ways, find out who is moving that data and prompt investigations through alerts.
Preventing insider threats can seem like a daunting prospect, especially for larger enterprises. You can learn how to get started with our SIEM Buyer’s Guide; we cover the top providers and capabilities in detail.
Latest posts by Ben Canner (see all)
- Dwell Time: The Cyber-Threat Peril You Haven’t Considered? - January 14, 2021
- LogRhythm Announces Acquisition of MistNet, Threat Detection Platform - January 13, 2021
- Solutions Review Releases 2021 Buyer’s Guide for SIEM - January 12, 2021