Membership
Join as an Organization
Enterprises
Solution Providers
Contact Us
Current Members
Member Portal
Initiatives & Partnerships
AI Safety Initiative
CxO Trust
Zero Trust Advancement Center
Trusted Cloud Providers
Trusted Cloud Consultant
Other Opportunities
Event Sponsorships
Join as Individual
Chapters
Circle Community Forum
Research Working Groups
Volunteer Opportunities
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Certificates & Training
Online Education Platforms
Knowledge Center
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Open Peer Reviews
Research Topics
Strategic Initiatives
AI Safety Initiative
Zero Trust Advancement Center
CxO Trust
Trusted Cloud Consultant
FinCloud Security
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Cloud Security Glossary
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety Initiative
AI Technology and Risk
AI Governance & Compliance
AI Controls
AI Organizational Responsibilities
Enterprise Architecture
Blockchain
Zero Trust
DevSecOps
Top Threats
Membership
Join as an Organization
Enterprises
Solution Providers
Contact Us
Current Members
Member Portal
Initiatives & Partnerships
AI Safety Initiative
CxO Trust
Zero Trust Advancement Center
Trusted Cloud Providers
Trusted Cloud Consultant
Other Opportunities
Event Sponsorships
Join as Individual
Chapters
Circle Community Forum
Research Working Groups
Volunteer Opportunities
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Certificates & Training
Online Education Platforms
Knowledge Center
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Open Peer Reviews
Research Topics
Strategic Initiatives
AI Safety Initiative
Zero Trust Advancement Center
CxO Trust
Trusted Cloud Consultant
FinCloud Security
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Cloud Security Glossary
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety Initiative
AI Technology and Risk
AI Governance & Compliance
AI Controls
AI Organizational Responsibilities
Enterprise Architecture
Blockchain
Zero Trust
DevSecOps
Top Threats
Cloud 101CircleEventsBlog
Master CSA’s Security, Trust, Assurance, and Risk program—download the STAR Prep Kit for essential tools to enhance your assurance!

Responding to Insider Risk is Hard. Here Are 4 Things You Need to Do.

Published 05/11/2023

Home
Industry Insights
Responding to Insider Risk is Hard. Here Are 4 Things You Need to Do.

Originally published by Code42.

Written by Meredith Atkinson.

Data doesn’t move outside your organization by itself. It’s your employees who move it. Data loss from insiders is a growing concern for organizations. In fact, there was a 32% year-over-year average increase in the number of insider events this past year, equating to an average of 300 events per company per year. And it’s not slowing down. 71% of companies expect data loss from insider events to increase in the next 12 months. This increase in events will create more work for your security teams who are already stretched thin. In order to respond to these increasing events you need a program that’s both scalable and effective.

What does effective response to Insider Risk look like?

A successful Insider Risk program requires response controls that automate resolution of everyday mistakes, block the unacceptable, and allow your security team to easily investigate what’s unusual.

1. Set expectations

Before you implement an Insider Risk Management program, you need to set transparent expectations with your users. In the same way parents set expectations by creating rules for their children, security teams need to do the same for their employees. It’s critical to communicate your security policies and programs with your users so they can understand what is – and more importantly what’s not – acceptable when it comes to sharing data. Setting the ground rules will not only get everyone on the same page, but will give you clear means to hold employees accountable when rules are broken.

2. Change behavior

Once you’ve set expectations, you can focus on changing the behavior of users who will inevitably make non-malicious mistakes when it comes to data – they’re only human after all. Much like creating and sticking to a curfew for a child, holding your employees accountable for their mistakes will deter them from making the same mistake in the future.

Real-time feedback to your users is critical when changing behavior. Having a program that can send tailored micro-training videos to users is an excellent way to hold users accountable. For example, if Mark uploads a document via Dropbox but your company uses Google Drive, you need to be able to send just-in-time training to Mark letting him know the mistake he made and the way this should be done in the future. This accountability helps people follow rules and changes behavior over time. It also allows security analysts to address low and medium risk events at scale.

3. Contain threats

Training employees and holding them accountable for missteps will help with the majority of event volume, but we all know there’s no such thing as perfection. Insider threats will happen. Users will share data they aren’t supposed to. They will exfiltrate critical information like IP, customer lists, and product roadmaps.

When this happens, you need to be able to quickly and easily take action to minimize damage. You need to be able to quarantine an endpoint, remove or reduce system access, and revoke file sharing privileges on a user level. Once you’ve taken the appropriate action, you can conduct a thorough investigation into the event and determine the best course of action to secure the data and address the user.

4. Block activity for your highest risk users

The final piece to a comprehensive response strategy is to be able to stop your riskiest users from sharing data to untrusted destinations. Your highest risk users, like departing employees, contractors and repeat offenders, pose a threat when sharing any data to destinations outside of your organization. By blocking activities for these users, you ensure the rest of your organization can continue to collaborate while knowing data remains protected from the users most likely to cause harm.

About the Author

Meredith is a Senior Product Marketing Manager at Code42 primarily responsible for the Incydr product content and launches.

Risk ManagementThreat Intelligence

Share this content on your favorite social network today!

Core Cloud
Related Resources
Top Threats to Cloud Computing
The eleven salient threats, risks, and vulnerabilities in the cloud.
Certificate of Cloud Security Knowledge (CCSK)
The industry's standard cloud security credential.
Corporate Membership
Gain knowledge and connections in the cloud industry.
Latest from CSA
Mark Your Calendar for Cyber Monday!
Map the Transaction Flows for Zero Trust
Advance AI Risk Management
Level up with Cloud Infrastructure Security Training
Related Articles:
Establishing an Always-Ready State with Continuous Controls Monitoring

Published: 11/21/2024

AI-Powered Cybersecurity: Safeguarding the Media Industry

Published: 11/20/2024

Managing AI Risk: Three Essential Frameworks to Secure Your AI Systems

Published: 11/19/2024

Top Threat #5 - Third Party Tango: Dancing Around Insecure Resources

Published: 11/18/2024