The US National Counterintelligence and Security Center has deemed September to be National Insider Threat Awareness Month to increase awareness about insider threats. 2019 is the first year that we’ll be acknowledging insider threat during the month of September.
Insider threat, particularly threats posed by malicious insiders, certainly deserves our attention. In 2018, Forrester survey respondents indicated that 53% of data breaches were the result of insiders. Over half of those incidents were malicious in nature.
By definition, insiders have unique understanding and access to your most critical data — PII, PHI, PCI, and intellectual property. They know where it is and likely know how to compromise it and exfiltrate it. Research shows that insiders are looking for ways to sell data and are being actively recruited (many times by foreign adversaries).
Awareness of the problem, however, is only the first step in addressing it. Defending against insider threats requires a multifaceted approach and buy-in from all parts of the organization. Technology alone won’t solve it.
If you don’t already have an insider threat program or process, take the opportunity this month to start the conversations. Learn the common types of insider threats and the telltale signs that an employee, contractor, partner, or vendor may turn malicious. Think about the ways you monitor for sensitive data exfiltration. Would you be able to tell if someone stole your data? What would you do if you did detect it?
Too often, I find that organizations start their insider threat program in response to an incident. Getting ahead of the problem will reduce the risk of an insider incident.
Learn more about insider threat and the best practices to starting your insider threat program by reading my report, “Best Practices: Mitigating Insider Threats.”