Malicious insiders are hogging the limelight, narrowing the focus on a smaller group that puts enterprise data at risk. Mark Kraynak, Senior Vice President here at Imperva, sheds some light on the topic in this blog, explaining why we feel Gartner’s paper on Insider Threats presents a limited viewpoint. Deloitte’s definition of Insider Threats is much broader and includes ignorant and compromised/complacent users. This view is more in line with that of cyber security professionals. Deloitte aptly calls users who fall prey to external actors without malicious intent “innocent users”.
As Mark mentioned, once you include the compromised and careless users, identifying insider threats is extremely challenging. The infographic from Deloitte shows the widespread risk of insider threats for government agencies, but we think this applies to every enterprise. The Deloitte findings are mostly in line with our research report Insiders: The Threat is Already Within. Our research included participants from enterprises and government agencies.
To effectively identify risky insider behavior, solutions for detecting insider threats have to account for the context of data access—Who is accessing my data? Is the access okay? How do I respond quickly?
The primary challenge is that you must trust your employees. Yet how do you verify that your trust is well placed? Start by monitoring access to sensitive and valuable data, and put systems and guardrails in place that protect both your employees and your data. Current solutions fail to focus on the target of the attack (your data) and generate too many alerts or false positives as a result of the lack of data context. Our approach to insider threat detection is deeply rooted in our extensive domain expertise in protecting enterprise data.
Listen to our security experts and discover how to:
- Improve visibility into insider activity
- Monitor users and data access and improve detection rates
- Expand your data security monitoring and stay within budget
For more information on insider threats please read these blogs.