
The Risk of Insider Threats

Prevent Insider Threats

An insider threat refers to a cyber security risk that originates from within an organization. It typically occurs when a current or former employee, contractor, vendor or partner with legitimate user credentials misuses their access to the detriment of the organization’s networks, systems and data. An insider threat may be executed intentionally or unintentionally. No matter the intent, the end result is compromised confidentiality, availability, and/or integrity of enterprise systems and data.

Understanding the Risk

Insider threats may be executed intentionally or unintentionally, but they are the cause of most data breaches.

%

companies experience more than 20 incidents per year

Is the amount of days to contain this

$M*

is the average annual cost to contain such incidents

*Source: 2022 Ponemon Cost of Insider Threats: Global Report

Traditional cybersecurity strategies, policies, procedures and systems often focus on external threats, leaving the organization vulnerable to attacks from within. Because the insider already has valid authorization to data and systems, it’s difficult for security professionals and applications to distinguish between normal and harmful activity.

Malicious insiders have a distinct advantage over other categories of malicious attackers because of their familiarity with enterprise systems, processes, procedures, policies and users. They are keenly aware of system versions and the vulnerabilities therein. Organizations must therefore tackle insider threats with at least as much rigor as they do external threats.

Detect

While insider threats may not trigger traditional rule-based alerts, that doesn’t mean they can’t be detected. The best way to catch insider threats is through behavioral indicators, which are triggered when a user, server, printer, or other entity does something abnormal. It is normal for someone from accounting to access a financial folder, but when the intern in marketing opens the folder, it is abnormal and could be an indicator of compromise. Likewise, a user who has never used a USB drive at work and suddenly plugs one in and copies 100 GB could raise red flags.
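The two behavioral indicators described above (peer-group folder access and first-time or outsized USB copies) can be sketched as a baseline-then-compare check. This is an added example, not ArcSight's analytics or code from the original page; the event fields, thresholds, user names and sample events are all constructed assumptions.

```python
from collections import defaultdict
# Constructed sample events (not real logs): (user, department, action, target, bytes)
BASELINE = [
    ("alice", "accounting", "folder_access", "/finance/ledgers", 0),
    ("bob",   "accounting", "folder_access", "/finance/ledgers", 0),
    ("carol", "marketing",  "folder_access", "/marketing/campaigns", 0),
    ("ivan",  "marketing",  "folder_access", "/marketing/campaigns", 0),
    ("carol", "marketing",  "usb_copy",      "usb", 200 * 10**6),
]
NEW_EVENTS = [
    ("alice", "accounting", "folder_access", "/finance/ledgers", 0),
    ("ivan",  "marketing",  "folder_access", "/finance/ledgers", 0),
    ("ivan",  "marketing",  "usb_copy",      "usb", 100 * 10**9),
    ("carol", "marketing",  "usb_copy",      "usb", 150 * 10**6),
]

def build_baseline(events):
    """Learn which folders each department's members use and each user's largest USB copy."""
    dept_members = defaultdict(set)   # dept -> users seen in that department
    folder_users = defaultdict(set)   # (dept, folder) -> users who accessed it
    usb_max = {}                      # user -> largest historical USB copy in bytes
    for user, dept, action, target, size in events:
        dept_members[dept].add(user)
        if action == "folder_access":
            folder_users[(dept, target)].add(user)
        elif action == "usb_copy":
            usb_max[user] = max(usb_max.get(user, 0), size)
    return dept_members, folder_users, usb_max

def detect(events, baseline, min_peer_share=0.25, usb_growth=10):
    """Return (event, reason) pairs for events that deviate from the learned baseline."""
    dept_members, folder_users, usb_max = baseline
    alerts = []
    for ev in events:
        user, dept, action, target, size = ev
        if action == "folder_access":
            peers = dept_members.get(dept, set())
            share = len(folder_users.get((dept, target), ())) / max(len(peers), 1)
            if share < min_peer_share:   # few or no departmental peers use this folder
                alerts.append((ev, f"folder rarely used by {dept} peers ({share:.0%})"))
        elif action == "usb_copy":
            if user not in usb_max:      # no USB activity in this user's history
                alerts.append((ev, "first USB copy seen for this user"))
            elif size > usb_growth * usb_max[user]:
                alerts.append((ev, "USB copy far above user's own history"))
    return alerts

ALERTS = detect(NEW_EVENTS, build_baseline(BASELINE))
for event, reason in ALERTS:
    print(event[0], event[2], event[3], "->", reason)
```

Only the marketing user's finance-folder access and 100 GB first-time USB copy are flagged; the accountant's access and the routine small USB copy pass because they match the baseline.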


Protect

Protecting against insider threats isn’t possible with a single product, policy, or practice. Rather, a combination of tactics should be used to reduce risk. Some of these include:

  • Identify and Lock Down Critical Assets
  • Increase Visibility through Behavioral Analytics
  • Enforce Policies
  • Promote Culture Changes

When layered together as part of an insider threat program, these tactics enable defenders to stop would-be data thieves from walking off with precious information.


Find out how you can outwit your adversaries with an effective insider threat prevention program based upon your peers’ best practices and patented behavioral analytics.
