Companies have a growing problem: they can’t possibly track all their potential insider threats without being overwhelmed by alerts and then wasting precious time investigating false positives.
Given the limited size of their analyst teams, the most logical solution to this problem is to focus on pinpointing only their highest-priority insiders — meaning the individuals who can do the most harm to the company’s personnel, finances, intellectual property, data, systems or reputation.
That may sound easier said than done, but there is a way. David Sanders, Director of Insider Threat Operations at Haystax, outlines one highly effective four-step solution in a newly published article in Dark Reading.
The four steps are:
- Use all available data to establish context — early.
- Identify high-risk insiders based on access and roles.
- Gather and evaluate behavioral indicators.
- Develop a model for risk scoring based on context and behaviors.
He also stresses that security leaders who want to establish a sound insider threat mitigation program must apply a combination of policies, processes, and technologies — and then communicate and drive program implementation across their enterprises.
The goal, he concludes, is not merely to find the bad apples. On the contrary, once high-risk users are identified — and assuming they haven’t done anything illegal — “companies should proactively engage with them, working collaboratively to reduce their risk and get them back to using their full talents and energies.”
# # #
Note: On March 19, David led a webinar demonstrating the capabilities of Haystax’s flagship Insider Threat Mitigation Suite, and showed how it can solve the most difficult challenges organizations face when trying to proactively stop insider threats within their own ranks. The webinar is available on Haystax’s YouTube channel.