With remote work becoming the new normal and expected to remain so in the coming years, CISOs should incorporate insider risk management to deal with the vulnerabilities that insider risks create.
Cyber-attacks on enterprises have surged at an unprecedented pace in the past couple of years. While these attacks continue to evolve, another key category of risk has become impossible to ignore: insider risk. In fact, as per the Code42 2021 Data Exposure Report, employees are 85% more likely to leak or lose data than at the pre-pandemic level. This shows that conventional data security tools such as data loss prevention (DLP) and cloud access security brokers (CASB) cannot deal with insider risk effectively. The rigid, over-zealous blocking these tools rely on hampers the productivity and collaboration that are critical to the business. Hence, organizations must adopt a smarter approach, such as insider risk management for data protection, that addresses the complexity and subtle nuances of insider risk. This brings a fundamental shift in the way organizations think about insider risk and data protection.
Here are the four steps for organizations to start moving towards Insider Risk Management:
- Identifying the risks
CISOs should strive to gain broad and deep visibility across all data activity. Most organizations now operate with remote devices, off-network activity and unauthorized shadow IT applications, which leave them with many blind spots, and CISOs cannot manage what they cannot see. Therefore, CISOs should map out what they do not know and put tools and techniques in place to gain visibility across all data activity.
- Finding their risk tolerance
To enable the speed, innovation and agility needed to survive and potentially thrive in today’s business environment, most CISOs should have some sort of insider risk tolerance in place. The security teams should define and rank the severity of high-risk events to prioritize and rapidly respond to insider risks. Moreover, CISOs should ensure that their security teams have the technical ability to detect and respond when these high-risk incidents take place.
- Promoting data usage governance policies
The root cause of the insider risk problem is that the security and governance policies in place are not being followed. While this makes it look as though the user is at fault, CISOs should take time to understand the user's point of view. From their perspective, today's policies do not address the realities of how they do their jobs. As many organizations still have multiple blind spots around how users move their data, their policies do not give users helpful guidance on safe usage.
CISOs should design modern data usage governance policies that account for the real use patterns. They should create policies that provide helpful, relevant guidance as well as basic best practices on how employees can navigate the movement of data in the cloud.
- Collaborating with stakeholders
The successful implementation of insider risk management (IRM) requires other departments to actively participate. This stakeholder engagement is key in defining and prioritizing insider risks, as business executives are the ones who know what is critical, sensitive and valuable to the organization. The insights and views of these stakeholders can help CISOs bring in partners from HR, Legal and IT to drive a right-sized response.