The latest Insider Threat research found that 12% of employees take sensitive intellectual property (IP) when leaving jobs.
This includes health records, customer data, reports, lists, sales contacts, and so on. As a first line of defense, you can use several standard security solutions, such as DLP, User Activity Monitoring (UAM) and User and Entity Behavior Analytics (UEBA). But these solutions leave an important gap in your defenses: insiders can still photograph screens and documents containing sensitive information on their smartphones. There are companies that prohibit employees from bringing a phone to work, but this is not a common practice. Insider leaks continue to gain momentum.
What is an Insider Threat?
An insider threat can be anyone with access to an organization’s data or systems: employees, contractors, and third-party partners. This makes such threats difficult to manage and control.
According to the Ponemon Institute, there are 3 types of insider threat:
– Careless or negligent employee or contractor;
– Criminal insider, including employee or contractor malice;
– Employee/user credential theft (a.k.a. imposter risk).
Against this background, the question arises of how to deal with such threats in order to ensure a high level of company security.
According to the EY study “Managing insider threat”, common insider threat indicators include:
– Attempts to bypass security controls
– Requests for clearance or higher-level access without need
– Frequent access of workspace outside of normal working hours
– Irresponsible social media habits
– Behaviors that demonstrate sudden affluence without obvious cause, such as a large pay raise, inheritance, etc.
– Maintaining access to sensitive data after termination notice
– Use of unauthorized external storage devices
– Visible disgruntlement toward employer or coworkers
– Chronic violation of organization policies
– Decline in work performance
Of course, most insiders use flash drives to compromise files, send documents to their personal email, or print documents to take with them. But all these actions can be easily traced. Security solutions that are currently used in companies, for example, DLP, allow you to monitor and track any user activity. But what if insiders simply use their personal smartphone and take a photo of a contract open on the screen or a printed copy?
To address this growing problem, it is worth considering additional solutions as part of an integrated approach to Insider Threat Management (ITM).
What is Insider Threat Management (ITM)?
Insider Threat Management (ITM) software is user activity monitoring software that helps companies prevent malicious or negligent actions by internal users on systems. Companies use ITM software to monitor user activity and ensure the security of company assets and intellectual property.
ITM software often integrates with:
– identity and access management (IAM) software tools to pull internal user data
– security information and event management (SIEM) software tools and other threat analytics systems
– privileged access management (PAM) software
– data loss prevention (DLP) software
– user and entity behavior analytics (UEBA) software
Insider Threat Management consists of the following steps to manage insider threat:
Where does LeaksID fit in among ITM Solutions?
LeaksID by G-71 is an invisible document marking solution that creates a preventive effect and deters insider leaks, incl. leaks committed using a smartphone. It is a great tool to help you expand your portfolio of Insider Threat Management (ITM) solutions.
With LeaksID, you can:
1. Be prepared in advance for any insider leaks by marking all confidential documents using invisible marking technology, which is applied automatically and transparently during any interaction with documents without disrupting business processes.
2. Protect your company from future potential leaks by creating a preventive effect: if all employees in the company know that even a small fragment of a compromised document can be used to determine the owner of the copy, then people will not take risks.
3. Use the built-in logging function of all actions with marked documents to track deviations and detect unauthorized activities.
4. In case of a leak, use the built-in investigation module to conduct an investigation: even a small fragment of a compromised document, photo, or screenshot is enough to determine the source of the leak.
Try out LeaksID, our cloud solution to store documents, collaborate on them, and securely share them.