Insider Threat Program Lessons Learned

As Insider Threat Awareness Month draws to a close, it’s worth taking a look back at the trends and developments that shaped the industry’s thinking over the past year, what lessons were learned and how they can inform insider threat program best practices moving forward.

Here are our top three lessons learned, along with links to blogs and webinars from the past 12 months that go into greater depth on each point:

‘Whole-Person’ Analysis is Essential: Heading our list is the growing recognition among insider threat mitigation experts that technical indicators found in conventional SIEM and UEBA systems just aren’t adequate to find the really dangerous insiders, at least in time to avert a crisis. Analyzing non-technical indicators like personnel data, travel and expense records, badge data and even third-party records can reveal additional early indicators that someone is about to become an insider threat. Couple this with a probabilistic model that ‘reasons’ on the data to highlight the highest-risk insiders sooner rather than later and you’ve got a powerful tool that proactively prioritizes where you should focus your scarce analytic and investigative resources.

Develop a Five-Point Program: To be effective, an insider threat mitigation program must consist of five distinct elements. As we outlined in our five-part webinar series earlier this year, these elements are: Governance, Identification, Deterrence, Detection and Response. Skip one or more of these and your program won’t be nearly as effective.

Technology Doesn’t Solve Everything: This statement might sound strange coming from a software company, but the reality is that technology is only one component of a broader program that involves implementing the right policies and procedures, obtaining buy-in and ongoing support from top leadership and developing an effective program to communicate program missions and goals to staff and management. Use the governance element to create and manage the non-technology portions of the program.

Implementing an integrated insider risk mitigation program that combines clearly articulated policies, cross-departmental cooperation and leadership buy-in with the right investigative processes and analytical tools is not just good corporate practice, it also can save your company from data loss, reputational damage, civil liability exposure and, potentially, federal and state regulatory enforcement actions.

# # #

Note: Need a quick introduction to Haystax’s risk-based whole-person approach to insider threat mitigation? Check out our new solution intro video on the Haystax Insider Threat Mitigation web page.

CNAP

Cloud Native Anayltics Platform

GSOC

Global Security Operations Center

EMDR

Enterprise Managed Detection & Response

RTaaS

Red Team-as-Service

SIRT

Security Incident Response Team

CLOUD

Cloud Security

ITDR

Insider Threat Detection & Response

Overview

Our Unique Approach

IAM

Identity & Access Management

CRC

Cyber Risk & Compliance

EA

Enterprise Architecture

STAFF

Strategic Staffing

LAB

Technology Lab

Cyderes: The New Powerhouse in Managed Cybersecurity

Actionable Security Operations Tools for Educational Institutions

Google Cloud Security Talks – Fireside Chat Replay

CYDERES’s First Code-a-Thon: Collaboration and Competition

Insider Threat Program Lessons Learned