Evaluating the Increasing Risk of Insider Threats

Posted on July 18, 2019 by

Unlawful disclosures of sensitive information have substantially impacted our corporate intellectual property (IP) and our national security. These breaches have required leadership to take a harder look at policies and oversight mechanisms for protecting corporate IP and our nation’s most sensitive data. Employees and individuals with elevated privilege to access sensitive data present a greater risk of intentionally, accidentally, or indirectly misusing that privilege by stealing, deleting, or modifying data.

Humans are the least predictable and often the weakest link in the intersection of people, process, and technology. The most well-known insider threat incident occurred in 2013 when government contractor Edward Snowden stole top secret NSA surveillance documents from his work computer and leaked them to several journalists.

Could this insider threat episode have been prevented? Why do organizations not do a better job of protecting and monitoring the removal of sensitive information? For these reasons, we have created a new, free insider threat detection tool: an automated solution that actively monitors data and audits all transfers to removable devices.

The inherent challenges of insider threats in the workplace

Operating systems are not inherently configured to automatically capture the details of data being transferred or copied to removable devices. Larger organizations often use commercial Data Loss Prevention (DLP) products, which typically carry hefty licensing fees and complexity. Information about these transfers is required by the DoD, USCYBERCOM, and many other regulated industries to determine appropriate operating thresholds and to monitor, and perhaps limit, the amount of data moved based on predetermined organizational requirements.

Our free, automated insider threat solution for data loss prevention

For Windows Operating Systems (OS), SecureStrux has developed a unique insider threat solution using our Data Transfer Auditing (DTA) utility to capture the unique attributes of files when data is transferred to removable media (CDs, thumb drives, etc.). Our tool records the name of each individual file moved or copied, along with other critical attributes, in the Windows event log. This data can be protected as well as simultaneously sent to Security Information and Event Management (SIEM) systems or logging collectors for further analysis and monitoring.

Our insider threat tool does not require any configuration. This insider threat solution, often used as a data loss prevention (DLP) and data transfer auditing (DTA) measure, simply listens and records data about the transfer to removable media. With this DTA utility, organizations can now easily monitor what files are taken from their computer systems. This measure alone offers immense assistance in deterring theft of an organization’s most sensitive information.

Most organizations are understaffed; therefore, effective automation can reduce the strain on human resources while still providing valuable, actionable information that reaches leadership quickly. Automated solutions also enhance an organization’s security posture by providing more rapid detection and response capabilities that minimize insider threats and prevent future breaches. Research has shown that decreased response time reduces the impact and recovery cost of breaches.

While all organizations need to protect their sensitive data from breaches, they do not need to wait until they have the budget or personnel capable of managing complex data loss prevention (DLP) solutions. Adding small protections is an important start to every company’s data protection strategy.
