Becoming a manager is often seen as a positive step in a career path. It is a signal that the organizational leadership not only trusts that you have the best interests of the business in mind, but that you are capable of stewarding others to perform the same way. However, one of the most difficult responsibilities of being in a management position is the ability to guide others to perform well. One survey from 2016 found that the main management challenge is “involves finding the right “balance.” More specifically, finding the balance between individual responsibilities and time spent managing others.” More recent polls show similar concerns.
The job of a manager is not easy, and when tasked with a particularly troublesome employee in the midst, then there is also the compounding risk of an insider threat. Fortunately, there are some basic principles that can reduce, and prevent this risk.
Cross-collect
Many times, a security audit will focus on gaps in systems or practices. This is among the hardest part of security. In order for an insider risk management solution to be effective, it needs to track behavior across disparate platforms, as well as multiple devices. Anything less will result in those dreaded gaps that can cause data loss, which can be worse than a mere spot on an audit report.
File guile
In the early days of computing, one method that people used to try and trick others was to rename a file extension so it would blend in with other, insignificant files. Renaming a file, such as “Employee Bonuses.xlsx” to “Kitty Kat.jpg” prior to making unauthorized copies to another location. A reputable insider risk management platform would alert and prevent such evasive techniques.
Permission sharing
One of the early conceptual models of computing security dictated that a person at one level should only be able to read a file at their assigned level of authority. Conversely, another person would be restricted from writing to a file that was below their level. These concepts were designed for environments with high security, and considering how privacy and security have become mandatory in recent years, the need to control permissions is very clear. Many directory services enable a person to share files with another person who may not be officially permitted see those files. Permission sharing, whether through internal file manipulation, or shared hyperlinks can create an elevated insider risk, and requires protection.
Roles and directories
Similar to file sharing, it is important that employees are assigned access based on their appropriate roles. An insider risk management can only accomplish this in tandem with
Integrated directory services, whether they reside on-premises, or in the cloud.
Watch, and remediate
No one likes to feel like they are being watched, and, if implemented correctly, an insider risk management does not have to present itself that way. With the proper deployment of watchlists, along with quick remediation, staff can feel more comfortable, knowing that the risk management platform is a protective mechanism, rather than a punitive control. The sensitive information that is being secured may be employee records, making it one of personal, as well as corporate protection.
Distinguish the differences
An important function of an insider risk management solution is its ability to differentiate between a corporate app, versus a personal copy of the same application. For example, a corporate version of a popular email app may also be the same one that an employee uses for personal messaging. These should be able to function with equal ease.
The value of a replay
Ever since professional sports leagues have adopted the use of a replay video to examine close plays on the field, the nature of the games have changed. Some of the resulting decisions may still be controversial, however, there is no disputing that a replay builds a stronger case than the often arguable reliance purely on eyewitness accounts. The same is true of insider risk management. The capability to replay screen shots of questionable events adds credibility to the accompanying evidence.
Seeing the highlights
Many analysts can recount how they can look at a screen while incredible amounts of data scroll by, hindering their ability to find the relevant information they need to determine the root of a particular event. A good insider risk management solution reduces the look of this dizzying data flow by highlighting the relevant forensic information, leading to faster discovery and resolution.
Tool integration and reporting
One of the most valuable aspect of any security solution is that it works well with other solutions, such as a SIEM tool. When integrated further with broad API offerings, an insider risk management tool can work with most other third party tools. Along with that, the management platform must have reporting that is informative, giving a full picture of the examined events.
Combined capabilities deliver combined benefits
The topic of insider risk management is extremely broad, and there are many other items to take into consideration when implementing an insider risk management practice. From a technical standpoint, the most important part of any insider risk management platform is that it should not take a swarm of tools to accomplish the task. A top insider risk management solution is one that works by “combining traditional endpoint data loss prevention with incident response capabilities in order to empower cybersecurity teams to discover and detect not just individual instances of real-time sensitive data exposure within applications, but the end user activity leading up to these incidents.”
An insider threat is not always carried out by subordinates. While the typical staff is often the most likely culprit, that is only because they outnumber those in higher positions. Anyone can be an insider threat, but if the right insider risk management principles are observed, then the risk is minimized, making everyone’s job easier.
Bob Covello (@BobCovello) is a 20-year technology veteran and InfoSec analyst with a passion for security topics. He is also a volunteer for various organizations focused on advocating for, advising others about staying safe and secure online and works with Bora Design.
- How to Prepare for a Cyber Security Job Interview - June 15, 2023
- Unblocked Games: Unlocking Fun and Learning Without Restrictions - June 14, 2023
- The 10 Principles of Insider Risk Management - June 14, 2023