Measuring insider risk to protect data in the cloud collaboration era

How can you measure insider risk – whether it’s malicious, negligent or simply accidental? Find out how.

By WP Creative Group

• Facebook
• Twitter
• LinkedIn
• Mail

Just one look at your own laptop, desktop or smartphone will validate the incredible growth in the cloud collaboration software market. How we communicate, work and collaborate has changed significantly in the last ten years – and accelerated even more over the past two years – with organizations reaping the benefits of flexibility, scalability and innovation that these collaboration tools deliver. What is less talked about, however, are the risks associated with the adoption of these tools – and specifically the risk of valuable data leakage to untrusted locations. Insider risk occurs when sensitive data moves to untrusted places like personal devices, email or cloud destinations. It can be malicious, negligent or simply accidental. But how can we measure this risk? And more importantly, how can we reduce it?

The cases of malicious insider risk often dominate the headlines. For example, the prosecution and eventual guilty plea of a U.S. Navy nuclear engineer and his wife is a striking insider risk case.  The engineer, who held a top-secret security clearance, admitted to selling secrets about nuclear submarines to a foreign power in exchange for cryptocurrency. It was ultimately revealed that the couple was sharing Navy documents with an undercover FBI agent posing as a foreign official over the course of several months.

While malicious insider risk events are more newsworthy, negligent or accidental events often have equal impact. Cloud apps are the engine that powers the modern hybrid-remote workforce. But the same capabilities that empower employees to connect, create and collaborate faster and easier also make it faster and easier to exfiltrate or infiltrate data – intentionally or unintentionally. More often than not, employees unintentionally put data at risk just by trying to get their jobs done. One often-seen example is when a new employee’s personal cloud automatically syncs to their new laptop. Users who leverage certain clouds for personal use are automatically set up to sync all documents on their corporate endpoint if they sign into their account – which some laptops automatically prompt users to do. This is just one example of users unknowingly creating insider risk. In this case, the automatic syncing can actually infiltrate data from the users’ previous employer, potentially introducing sensitive data like IP it into their new company’s environment without anyone’s knowledge. 

The insider risk challenge

Awareness around the insider risk problem is growing as more companies take stock of the significant workplace changes that the past two years have brought about. But there’s still work to be done around insider risk. The Annual Data Exposure Report 2022, which surveyed 700 business leaders, security leaders and security practitioners across all industries in the U.S., uncovered several challenges:

• 97% of companies have security concerns as a result of remote work.
• 96% of companies admit the need to improve employees’ security & risk awareness.
• 74% of security teams admit they need better metrics when it comes to Insider Risk.

Insider risk measurement

It’s clear that many organizations struggle with identifying transparent business metrics for insider risk, data protection and security awareness. Luckily, a handful of companies that are early trailblazers in Insider Risk Management have collectively identified three simple metrics that aim to measure, communicate and report security program efficiency and effectiveness. 

• Risk Posture: This metric gives you the baseline view of your data exposure by severity or impact. By taking a data-driven approach to identifying and defining where data exposure exists and the magnitude of that exposure based on the business’s risk tolerance, you will better understand your organization’s risk posture.
• Risk Severity: The Risk Severity metric tells you where to prioritize your efforts. By honing in on the highest most critical data risk exposure events and who, what, where, when and how they happen, you uncover gaps in your policies and controls. You are armed to make data-driven decisions on where to invest time and resources.
• Risk Maturity: The percentage change in your insider risk posture when compared to the baseline view of your data exposure defines your Insider Risk Maturity. The insider risk maturity metric tells you if you are moving the needle, how efficient and effective your program’s people, processes and technology are at reducing data risk exposure.

What gets measured gets actioned. By putting the right metrics in place, you break down communication barriers between business leaders, employees and security teams. More transparent communication across the organization – rooted in metrics – drives the right actions and investments to create a more risk-aware culture. If building a more security conscious and risk-aware culture is your goal, today is the day to start measuring insider risk.

To learn more about Insider Risk, please visit https://www.code42.com/insider-risk-management/.

The content is paid for and supplied by advertiser. The Washington Post newsroom was not involved in the creation of this content.

Content From