How to Build Scalable Insider Cybersecurity Threat Triage Processes

Highlights from C5’s Executive Roundtable Series

We recently had the pleasure of hearing from experts at Pathfynder about the changing dynamics of insider threat and how to build scalable internal processes for better data security.

C5’s latest Executive Roundtable session was led by:

  • DJ Fuller, Chief Executive Officer, Pathfynder
  • Mike Mullen, Chief Operating Officer, Pathfynder
  • Brad Palm, VP, Services and Technology, Pathfynder
  • Bryan Clements, Senior Director, Cyber Operations, Pathfynder


Trends to look out for in 2021

The shift to remote work has dramatically changed the insider threat landscape. A recent report found that employees are 85% more likely to leak sensitive files today than they were one year ago, before Covid-19 shifted the world into virtual working arrangements. Insiders also caused 60% of data breaches in 2020, costing companies an average of $11 million a year. These breaches can result from a combination of malicious activity and unintentional negligence with respect to a company’s internal data protection policies. Insider-caused breaches are on the rise given the #WFH state of play, but also because most businesses focus their cybersecurity investments on the perimeter.

Breaches resulting from insiders come in all shapes and sizes, and there is no silver bullet solution. So it’s important to begin building your policies and baselining your technology capabilities with an eye to reducing visibility gaps, considering where your critical data resides, and creating triage processes. Your people are your best asset for mitigating this enterprise risk!  


Key tips and best practices:

  • Begin building policies that enforce trust, understanding, and behaviour representative of your culture.
  • Communicate best practices in data hygiene and cybersecurity to your staff regularly to mitigate the possibility of negligent insider threat. 
  • Build your insider threat processes by first considering where the data you care about resides, then leveraging your existing tools or expanding your tool set to increase visibility. 
  • Leverage analytics and playbooks to reduce analyst workload and create efficiency in identifying insider threats.
  • Refine analytics and playbooks over time based on key learnings, industry trends, and best practices.
  • An effective insider threat programme will be attuned to both internal and external signals.

Insider threat, like all cybersecurity challenges, is a wicked hard problem, as the Pathfynder team says. Pathfynder is a leading cybersecurity firm specialised in building Insider Threat Programmes, trusted by small and medium-sized businesses and Fortune 50 companies.

To sum up, it isn’t about the number of people or tools you throw at the challenge.  It is about effectively employing those tools and creating a programme that can grow and adapt with the insider threat landscape.

For more information, visit the Pathfynder website.
