4 Aspects of Insider Threat Detection: Get Reed Richards on Your Side

You know those insider threats and data leaks I wrote about in my last post? How does your organization detect them?

Say your IT team is the Fantastic Four, and you’re Reed Richards, Mr. Fantastic. When you’re not too busy getting ready for next month’s Fantastic Four premiere, you’re applying your analytical insight and stretchy superpowers to your threat detection strategy.

Your job is to figure out where your company’s most likely targets for a security breach are, then build up your defenses around them.

Insider attacks are far more difficult to detect

Remember the last Fantastic Four movie, when Reed said, “The cloud has fundamentally altered our DNA”? That happens sometimes with data breaches and insider attacks, because they involve people, and people can surprise you. The cloud of getting too much access to too much privileged information too quickly can alter the DNA of your employees and co-workers. They take for granted that they’re so close to important databases and file servers, and they start to get lazy.

Wouldn’t you rather spend your time hardening targets and making insider attacks impossible than seeing the cloud “fundamentally alter” your co-workers’ DNA?

In the 2015 Insider Threat Spotlight Report co-sponsored by Quest, you can see how more than 500 of your counterparts deal with threat detection. The report summarizes survey results from cybersecurity professionals in organizations ranging in size from fewer than 10 people to 10,000-plus.

The section featuring four aspects of insider threat detection starts on page 16 of the report. Here are some statistics on how your colleagues in other companies are monitoring applications and user behavior as part of their detection strategy:

  • Three in four companies (75%) monitor the security controls of their applications.
  • Almost two out of three companies (65%) monitor user behavior (but probably not as thoroughly as you expect).
  • The good news is that 28% of your counterparts can detect an insider attack within 24 hours of its occurrence. The bad news is that too many of them don’t know how long it takes them to detect one (have a look at page 20 for that).

Your turn

See how your practices for application monitoring and user behavior monitoring stack up against those of your fellow IT managers and directors. We co-sponsored the 2015 Insider Threat Spotlight Report to show you how your approach to preventing data breaches measures up against the approach of your colleagues across many industries.

In my next post, I’ll discuss some of the survey results around security tools and processes.