Top Tips in Honor of National Insider Threat Awareness Month
As National Insider Threat Awareness Month draws to a close, Egnyte is taking this opportunity to reinforce everyday best practices that companies like yours need to follow. The goal of the month is to educate U.S. government and industry leaders about the risks of insider threats and how to effectively address them. At a high level, an insider threat is considered to be an activity aimed at an organization and carried out by those who have obtained access – either directly or indirectly via malicious tactics – to the company’s network, applications, or databases.
This year’s theme, “Critical Thinking in Digital Spaces,” focuses on the increasing role that individuals and organizations play when it comes to insider threat detection and prevention. With the shift to remote/hybrid work – combined with record-high employee turnover – insider threats are a major, and often overlooked, risk that organizations face today.
We’ve asked a couple of Egnyte’s security and governance experts for tips that every company should follow to avoid damage from an insider threat. Here’s what they said:
Neil Jones, Director of Cybersecurity Evangelism: Consider Everyone to Be a Potential Insider Threat
Companies should assume that everyone is a potential insider threat. While some insider threats may be benign and result from user error like a current employee accidentally sharing confidential information with a third party, most insider attacks are malicious and can be even more devastating than external attacks. This is because authenticated insiders can gain access to a much larger attack surface than the average cyberattacker.
Other critical contributors to insider threats include employee turnover and poor data governance controls. When employees resign, for instance, they can extract information from company files that could benefit them in their new jobs with a competitor, or even worse, publicly embarrass the organization by sharing privileged information. What’s more, we are seeing instances of ransomware gangs working directly with company employees to facilitate attacks.
Kris Lahiri, Co-Founder and Chief Security Officer: Keep Up with Access Management
Insider threats have proven to be costly, with companies spending an average of $644,852 on each insider incident. The good news is there are proper steps that organizations can take to detect potentially malicious activity, such as determining what files are routinely accessed and by whom. In doing so, organizations can indicate unusual user access to sensitive data by recognizing commonplace user behavior and patterns.
Companies should also ensure that they limit users’ file access to sensitive information on a “need to know” basis. As an example, a typical employee should not have access to financial growth plans or HR documents listing sensitive employee information without justifying their request first.
Jeff Sizemore, Chief Governance Officer: Control Data Sprawl
The average company manages multiple data repositories at one time, with unstructured data (e.g., emails, video/audio files, social media data) in particular growing at an exponential rate. Data sprawl not only increases a company’s potential cyberattack surface, but it also impacts users’ business productivity.
Organizations must have visibility into structured and unstructured data because if you can’t see the data, then you can’t properly govern it. By establishing data governance, businesses can better secure and manage their content, especially in today’s digital workplace where data is more dispersed than ever before. Overall, an effective data governance program should prioritize data security, in addition to utilizing network security best practices and maximizing users’ cyber education.
Continue the Learning Process
By taking a proactive approach, organizations can help mitigate the risk of insider threats before it’s too late. Check out some of Egnyte’s resources around insider threats like our recent webinar.