Because insider threats can cause so much damage to an organization, and because they are so difficult to identify and stop, it’s important for security teams to dedicate an integrated program to specifically address these types of threats—especially for organizations that rely on privileged information to create value for their customers, their shareholders and their employees.

security services graphic

It’s also important to take an integrated approach across many different technology and business areas with two important goals in mind:

Reduce your exposure. The more end users have access to sensitive information, the greater the chance that someone will put it at risk, either maliciously or by mistake. Ensure you are limiting access to only those users who absolutely need it, and that your controls stay current as your user population changes and evolves over time. Similarly, the easier the information is to access, and the more places it resides, the higher the chances that an insider, or an outsider with stolen credentials, will be able to gain access for the wrong reasons. Ensure that your sensitive data is appropriately protected, and has the right access controls in place to assure the identities of your legitimate users.

Detect threatening insider behaviors. For those users who remain and truly require access to your privileged information, monitor and record their transactions and their risk levels. Understand both what constitutes a normal interaction with your crown jewel data for each individual user, and how likely any of these users are to become disgruntled. This will help you anticipate the risk of malicious actions before they occur so you can respond promptly in the event of a breach.

These results can be achieved with an integrated approach. First, identify crown jewel data, where it is located, how it is accessed and by whom. Then protect your critical information with appropriate access controls and user governance for all your privileged users—not only the infrastructure-level administrators, but anyone who has access to valuable data, such as executives. Last, detect suspicious activity to stop bad actors by analyzing privileged and golden-user behaviors.