Completing The Picture of Insider Threats With Continuous Workforce Risk Evaluation
Posted 02.24.2019 by AJ Cook, Enterprise Sales Executive
Insider threats are among the most serious and stubborn of all enterprise risks. As difficult as it may be to guard against threats from the outside, the task for becomes exponentially harder when the damage originates from within the organization.
Not surprisingly, companies are shelling out billions on pre-employment screenings and other vetting. The irony is that, once inside, the scrutiny typically subsides. Meanwhile, most of the billions in cybersecurity spending are aimed at continuous monitoring of IT systems, but not the people who interact with those systems. What remains is a huge blind spot: The unmanaged risk from insufficient evaluation and management of the workforce on an ongoing basis.
Let’s take a closer look at unmanaged workforce risk, and why the right approach can significantly enhance your overall protections against insider threats.
A Hidden and Costly Source of Risk
People are a company’s most valuable asset, and they represent a significant investment in recruitment, training and retention. But all that value is compromised — and the entire organization becomes more vulnerable — when we fail to realize that shifting circumstances can turn anyone into an insider threat.
Circumstances ranging from legal and financial troubles, to family conflict, substance abuse or other factors can introduce pressures or motivations that might steer someone toward fraud, cyber breaches, absenteeism; or performance, safety and behavioral issues. As just one example, 98% of Security Executives report that their organization has experienced impacts as a result of these types of incidents. To make matters worse – the average financial loss per year from workforce related security incidents is well over $400,000 per year.
Statistics like this show why protecting against insider risk requires more than just looking inside the organization. A better way is needed.
Building the Right Approach
Only a holistic view of internal and external factors affecting your workforce can give the complete and accurate picture of the insider threats that can inflict real damage on the bottom line. It’s a picture that a background check, as just one snapshot in time, fails to capture — and this lack of visibility is a huge challenge for organizations
Endera is committed to bringing continuous insider risk evaluation, utilizing external data sources, as the missing link to solidify both your visibility and defenses around insider threats. When combined with a company’s existing employee screening efforts, cybersecurity infrastructure, SOC analyst teams and other internal assets, continuous insider risk evaluation completes the security picture for the enterprise.
It’s important that this risk evaluation be not just continuous, but also customized and scalable. Modern organizations operate in a landscape of gig economies, connected assets and extended supply chains that confer “insider” status not just on employees, but also vendors, contractors, third party service providers and anyone else with physical or digital access to the enterprise. That means your continuous insider risk evaluation solution must draw on diverse information — civil, criminal, licensing, compliance and other related databases, watchlists and sources —- to customize a monitoring protocol that suits your needs.
And it all needs to happen at the scale of the enterprise, deploying AI, natural language programming and other advanced capabilities alongside a corps of expert human analysts to minimize the false positives and maximize the actionable insights from what could be millions of data points and indicators.
Sound intriguing? In a future post, we’ll take a closer look on how it all works, and share some real-world use cases to show these powerful capabilities at work to enhance operations, safety, compliance and competitive advantages for organizations of all sizes.