BUSINESS INSIGHTS
where that data resides ? Are we monitoring who has access to that data ? stealing company data and trying to cause harm to the organisation .
Adenike Cosgrove , Cybersecurity Strategy , International , Proofpoint
With the Great Resignation we ' ve seen an increased risk around insider threat incidents because as people are leaving organisations they ' re taking data with them , believing it to be theirs .
We are seeing these trends where individuals are taking data or accessing data in interesting new ways . Forrester coined an interesting phrase , stating that COVID-19 has introduced ideal conditions for insider threat – and that ' s ultimately because we ' ve enabled more access . So , we need to monitor that data .
How can CISOs best protect against these different attacks and ensure employees are aware of the threats presented to them ?
But fundamentally , the foundation of any defence is visibility . You need to have total visibility into your data and your people . The data that they are creating and how they ' re accessing it , where it resides , who has access , whether it ' s on premises or the cloud and how people are working with that data .
It ’ s not just about confidentiality . It ' s also about the integrity and availability of that information . Then you need to implement technical controls like DLP solutions , or security solutions that are ultimately preventing those criminals from stealing credentials and getting access to those Crown Jewels and cloud stores . You can then implement appropriate controls to protect the threat landscape of that individual .
First , it ' s understanding – what type of insider are you dealing with ? That should inform how your security team responds . If you ' re dealing with someone that ' s made a mistake , perhaps you want to send them to training again or make them aware of a security policy of and their responsibility in protecting that data .
Your response plan will be completely different if , for example , you ' re dealing with a compromised user , someone who has maybe inadvertently given up their password and username to a cybercriminal and the criminal is now acting as that person , because they ' re logging in using their credentials .
Further , you ' d be responding slightly differently if you ' re dealing with someone that is intentionally
Also , you need to create a strong security culture . That means understanding the behaviour of people , what good behaviour you want to implement , and then building a culture programme and awareness programme to ultimately change behaviour towards that good .
As a final recommendation , people are the new perimeter , so we recommend implementing a layered defence .
This includes dedicated insider threat management solutions , a strong security awareness training programme and ultimately , a critical and strong threat protection solution that ' s blocking threats from reaching your people , irrespective of the channel or technique or platform that the criminals leveraging . x
68 www . intelligentcxo . com