Re-thinking insider threats: Where traditional DLP won’t stop a leak
I recently read about McAfee launching a lawsuit against three former employees, alleging they conspired to steal trade secrets on behalf of their new employer. These individuals are accused of moving to the competitor and exfiltrating business-sensitive documents to their personal email accounts.
This sounds like a familiar scenario that I’m sure is on most CISOs’ roadmaps to address. Broadly, the insider threat is a concern for over 95% of IT leaders. But it has probably remained on the radar for a long time without being dealt with because most solutions aren’t effective at intelligently telling good behavior from bad, understanding email and file content, or recognizing a valid recipient identity.
Besides accidental data disclosure, this particular scenario is a classic case of insider risk in action: privileged users accessing sensitive internal data and leaking it to personal email addresses or file sharing sites. These edge cases are actually quite difficult for traditional DLP controls to mitigate, because those controls operate on pre-defined static rules. This is why new machine-learning-based approaches get a strong reaction from leading firms now investing in more modern email security strategies.
Each and every leakage vector outlined in the McAfee case is detectable and preventable by systems that can learn what the normal pattern of behavior is and what is bad: the outlying risks. When intelligent pattern-based approaches are combined with powerful user-facing DLP, it’s a potent combination. The result is a new preventative and active approach to real-time insider detection and mitigation. When it’s taken to the next level and feedback is provided directly to end users as well as IT ops, it’s a powerful educational, awareness and risk prevention approach. An employee who’s about to do something wrong can be warned automatically, avoiding the embarrassment and cost of an investigation, and the business avoids a breach. That’s better than surfacing risk through monitoring after the fact, when legal recourse is the last and substantially costlier resort for insiders (like in this case), or having to deal with post-breach fallout, fines and unpleasant media coverage.
But there is good news. CISOs, if you’re willing to spend three minutes of your time, you can see a short video on how this new machine-learning technology presents itself. Of course, this just scratches the surface. If you’d like to learn more, get in touch at firstname.lastname@example.org or here.