How to Reduce Insider Threats with Continuous Risk Monitoring

Does your company have the right tools to protect against a devastating insider attack? For most, the answer is no.

Insider threats are malicious threats to an organization perpetrated by people within the organization, such as employees, former employees, contractors or business associates. A recent report found that less than half of companies have the proper tools to fight these threats. The number of insider threat attacks, according to 62 percent of security professionals, has increased in the past year. The average company faces an average of 4 attacks per year that can cost up to $1 million to remediate.

Insider threats post the greatest risk to companies because of the access employees and contractors have to sensitive information. Even more troubling, a Ponemon Institute study found that 88 percent of IT professionals believe this risk will increase or remain steady over time.

The current screening model is falling short

The first step to recovery is admitting a problem exists. And that problem is the current background screening model and its limitations on preventing insider threats.

The majority of companies conduct a background check on new employees before they hired. These employees are then either screened periodically – once a year or every couple of years – or not screened again at all. The current model does not account for real-time changes in an employee’s risk status. Factors such as stressful life events or poor performance reviews can change a person’s dynamic and risk potential. People change, as do their motivations, which is why companies need to continuously evaluate risk factors as they evolve.

For example, what if someone working in finance has recently declared bankruptcy, or a city bus driver has received a recent DUI? These factors would heavily impact an organization’s risk status. However, an organization would be unaware of these changes in real-time if they relied on the current model of periodic screens. Instead, they would only discover these potentially damaging incidents months – if not years – after they occurred.

Continuous risk monitoring is the future

Organizations must become proactive about identifying their insider threat risk by implementing continuous risk monitoring. Software and advanced data analytics now makes it possible to automate the process of analyzing public data in real-time so companies can actively monitor changes in risk throughout that individual’s tenure with the company.

Let’s revisit the example of an employee who has received a DUI charge. Many employers would not be notified of that until the next scheduled background screening, if at all. Most employers expect their employees to self-report incidents, but that does not always happen for obvious reasons. With continuous risk monitoring, however, companies immediately learn about that DUI charge, which would warrant an investigation that could lead to further action.

That example is not a hypothetical. In the three months after deploying continuous risk monitoring software, an organization with more than 30,000 employees and contractors found 11 felony arrests, five drug-related arrests, four sanctions on employees that prohibited them from working on state contracts, one sex offender and, stunningly, three employees that were actually deceased. If the organization waited until the next regularly scheduled screening, they would’ve employed those charged with serious crimes and drastically increased their exposure to devastating incidents.

What does this mean for you?

Continuous risk monitoring software can be customized for any industry. The financial services industry may attribute more risk to an employee filing for bankruptcy than a transportation company would, whereas the healthcare industry may view odd activity on the network as a greater indicator of potential fraud. Every industry has its own unique challenges and obstacles in meeting the mandates and regulations necessary.

By bringing together identity data from external sources like criminal and financial records with internal sources like network activity and personnel reviews, organizations drastically reduce their risk of insider threats. It allows organizations to maintain compliance through a legally defensible audit trail designed to meet critical regulations such as FCRA, FTC, and EEOC.

You shouldn’t settle for an outdated background screening model that is no longer working. Today, insider threats pose a larger risk to organizations than ever before, which means one-time pre-hire screening and periodic checks are simply not enough. This current model leaves managers and organizations with outdated information – and their companies far too vulnerable.

It is time to be proactive. It is time to thwart suspicious activity, before internal threats become insider attacks.

Your email address will not be published. Required fields are marked *