Insider Threat Management
To manage the risks arising from internal threats from a cyber risk perspective, means that it has to be taken on as a business problem. Executives do not need to suddenly become cyber security experts, but need to lead the discussion with an emphasis on:
- Focus on risk mitigation versus compliance requirements: Many organizations are heavily focused on addressing audit and regulatory findings, but the solutions implemented often do not help reduce risk and address threats that the company faces.
- Build and maintain a comprehensive inventory of sensitive assets and data: Many organizations don’t know where their data is. It’s very difficult to appropriately protect data if you don’t know where it is collected, stored, used, and transferred both inside and outside the organization.
- Focus on implementing solutions to protect data and monitor for data loss at the “data layer”: Many organizations are not effectively implementing critical capabilities such as Data Loss Protection (DLP) solutions, encryption and database activity monitoring, among others. Building the capability to monitor systems, applications, people, and the outside environment to detect incidents more effectively.
- Consistently execute the security fundamentals: Many organizations are still not consistently executing fundamental data protection capabilities (e.g., patching, privileged access, asset management), which leaves sensitive data even more vulnerable.
This may require more investment, but it may also simply entail a new approach. The crux of that approach is to recognize that managing cyber risk must be an inherent aspect of growth and innovation strategies. The two cannot be separated.
For more information go to https://gttb.com/insider-threat-preventing-data-exfiltration/