EDITOR’S QUESTION

SHARETH BEN, INSIDER THREAT SME AT SECURONIX

Any enterprise that cares about protecting its brand or
reputation needs to pay attention to the threat caused by
malicious and/or careless insiders. The damage they can
cause, due to the risks created by loss of confidentiality or theft of
intellectual property, cannot be ignored.

To solve any problem, there first needs to be a proper diagnosis.
The same approach applies for organisations that want to mitigate
the risks caused by insiders. It all starts with a simple, yet difficult,
question – what assets, in the form of information, intellectual
property, money or physical resources, does an organisation value
the most; and how critical are these assets to business functionality?

Some customer-facing organisations will value protecting brand
reputation the most, while others value protection of their
intellectual property. An organisation’s answers to these questions
will determine the path their insider threat
programme takes.

Once organisations identify what they want
to protect, it is advisable to form an Insider
Threat Working Group (ITWG). This group
typically consists of representatives from
various divisions within the company to drive
consensus among key departments like HR,
Legal, compliance, IT risk and line of business.
The team then works together to define
the amount of risk an organisation is willing
to tolerate, or ‘risk appetite’. It is the
ITWG’s mission to educate employees on
the importance of good cyberhygiene, as
well as recognising and protecting against
insider threats.

Once policies and procedures are defined, a
technology that best suits the programme’s
requirements should be chosen. For instance,
a User and Entity Behaviour Analytics (UEBA)
technology with a SIEM-like functionality has proven to be useful for
effective insider threat detection and prevention.
However, it is crucial for organisations to realise that technology
alone cannot tackle the problem of insiders;
and organisations who put significant
emphasis on the technical aspects alone are
ultimately bound to fail. Therefore, an insider
threat team must consist of both technical
and non-technical staff who have a clear
understanding of the organisation’s culture
and operating model.
The key to a successful programme is to
start small and grow it over time. As the
programme gains momentum, data
insights gathered from the monitoring and
detection of insider threats can aid in
implementing both IT controls and
organisational behaviour changes. It is
important that this is a continuous process,
informed by both the individuals that support
the ITWG and the technology that underpins
cybersecurity. Organisations that weave
cybersecurity into the fabric of the business
will stand the best chance at mitigating the
threat posed by insiders.
INTELLIGENTCIO