with malware. Against this backdrop, the
rise in negligent insiders makes perfect
sense. When it comes to preventing
insider threats, most organisations opt for
a combination of user training awareness,
data loss prevention and user behaviour
analytics to educate and equip staff. Both
awareness training and user behaviour
analytics are highly cost-effective.
Companies employing these techniques
The most effective
way to avoid the
damage caused by
insider threats is
to prevent them
where possible.
report cost savings of US$3.42 million
and US$3.1 million, respectively. Data
loss prevention, while important, is less
so, resulting in average cost savings of
US$1.88 million.
By far, the most cost-effective method
of minimising and managing insider
threats is a combination of awareness
training, user behaviour analytics and
privileged access management (PAM)
– the latter reducing average costs by
US$3.1 million. Despite this, PAM is only
deployed by 39% of organisations.
PAM, along with other proactive,
preventative solutions, hold the key,
not just to reducing the costs of insider
threats but in minimising their frequency
and success rate.
Don’t be left counting the cost
Threats from insiders – be they
malicious or otherwise – sit outside the
realms of your standard cyberdefences.
They require a deterrent of their own.
All organisations must implement a
comprehensive and effective insider
threat management programme, to
deter, detect and defend against
rising numbers of incidents. Network
monitoring and surveillance, along
with solutions such as PAM, should be
a key component. The most effective
way to avoid the damage caused by
insider threats is to prevent them where
possible. Use the tools available to
flag suspicious activity, block unusual
access requests and ringfence sensitive
information and privileged credentials.
Training and education are just as
important. Ensure that your users are
aware of common threats, that they
understand how their behaviour can
increase the likelihood and success of
attacks, and that they understand their
role in defending against these threats.
If an attack is successful, containment is
key. The faster an incident is contained,
the lower the cost. Ensure protocols and
protections are in place to identify and
rectify any incident as soon as possible.
Before, during and after an insider
threat, vigilance and responsiveness are
vital. The better you know your people,
your environment and your systems, the
better you can protect them from threats
– whether they’re knocking at the door,
or already inside. u
All organisations
must implement a
comprehensive and
effective insider
threat management
programme, to
deter, detect and
defend against
rising numbers of
incidents.
www.intelligentciso.com | Issue 26
65