
Mitigate insider risk with these tools

Use best practices for deployment

UAM, CDR, and RBI should be deployed in stages. Start by collecting data about normal user and network activities from your control points, from endpoint sensors to edge devices to your cloud access security broker (CASB). The right visibility is the key to knowing what, when and how to apply technology to increase the overall efficiency and responsiveness of your program.

Then develop policies regarding user behavior and what your organization considers a compromise. The sensitivity of your data, how employees interact with the data, and the criticality of your mission all determine how you define a breach. Your policies should also be dynamic to reflect changes in your mission and data needs.

Then involve stakeholders from management, human resources, legal, compliance, IT, communications, etc. to explore what-if scenarios and determine how you will respond to a breach.


An employee who steals data will involve the cyber team, but what if a user views inappropriate material on an agency laptop? What if they make threats online? These cases may involve HR or legal.

You are now ready to deploy your new cyber tools. In addition to monitoring user activity, UAM can validate the effectiveness of your other security solutions and checkpoints such as data loss prevention, CASB, and external device controls.

Once you have the proper visibility to determine anomalous behavior, you can overlay technologies such as CDR to neutralize the threat of malware embedded in content that might otherwise appear unsuspicious. Then, RBI can be added to further isolate employees from malware embedded in specific web pages viewed as part of a person’s daily work.

Protect worker privacy like you protect data

When mitigating insider threats, don’t forget user privacy. Effective protections will incorporate confidentiality. Look for solutions with a strong, immutable audit trail designed to prevent technology from being misused by people with access to sensitive company data. Tools must remove preconceived “human bias” and allow data to guide critical business decisions.


In addition to an audit trail, privacy protection should include granular policy controls, role-based access, two-person authentication (where applicable), and encryption of data in transit and at rest, to name a few. Having confidence that the technology is applied correctly will go a long way in building consensus and adoption for your insider risk management program.

UAM, CDR and RBI will not eliminate user threats completely, as no cyber solution can. But they offer proven and effective protections that can significantly mitigate insider risk. By building on each other, they can provide a closed loop of flexible protections that ease the burden on your users and cyber team while strengthening your agency’s cybersecurity posture.
