This September marks the sixth annual National Insider Threat Awareness Month (NITAM), which promotes awareness of insider threats. This year’s NITAM theme of “Deter, Detect, Mitigate” highlights the importance of an integrated approach to insider risk management (IRM) that combines preventive controls, human risk management, detection and investigation, and incident response.
Why is insider risk such a big focus right now? Forrester’s recent Security Survey finds that 22% of data breaches are caused by internal incidents. Those range from accidental policy violations to outright malicious acts by an insider. Either way, more organizations are starting or maturing IRM programs to address the growing number of insider incidents more directly.
Key Areas To Focus On
While a number of technology solutions can help manage insider risk, this is essentially a human problem, so it can’t be addressed by technology alone. With that in mind, here are six key areas to focus on:
- Prevention: leveraging identity management and data security to limit access and stop data loss.
- Awareness: sharing knowledge of safe data-handling principles and policies.
- Threat intelligence: using internal and external threat intelligence, including HR data, to identify risky users.
- Detection and investigation: putting technology and processes together to identify and investigate risky users.
- Response: having processes and policies to respond efficiently to insider incidents.
- Advocacy: turning your insiders into security advocates.
Next Steps
For security leaders, the best course of action is to ignite ingenuity in your security program to find ways to proactively engage your insiders and detect risky behavior before it results in a data breach. Here are some steps you can take to engage users:
- Adopt human risk management (HRM) as part of your security program to help insiders make good security decisions and to identify risky behaviors before they become a serious problem.
- Communicate the impact that insider incidents have on your organization. The US government’s NITAM site provides some helpful communication resources to initiate discussions about insider risk.
- Establish a tip line within your organization to report suspicious behavior.
Learn More At Security & Risk Summit
If you’re eager to learn more about insider risk management, be sure to check out the agenda for our upcoming Security & Risk Summit in Baltimore on December 9–11. Principal Analyst Heidi Shey and I will share best practices on how data security and insider risk teams can work together to prevent insider incidents and lower insider risk in a session entitled “Data Defenders: A Collaborative Blueprint To Insider Risk Management.” The session is part of the broader Prevention Detection & Response track that includes a variety of sessions and workshops on topics such as Zero Trust, resilience, AI security, and more.
The Summit will have five different tracks as well as six hands-on workshops to help you understand how to apply security best practices in your own organization. The Summit is also a great opportunity to network with other security leaders and discuss their experiences with insider risk and how to manage it. And of course, Forrester’s team of security analysts will be onsite for meetings and holding “ask an expert” sessions. It’s a packed agenda and always an exciting event, so I hope to see you in Baltimore.