People are unquestionably at the centre of most data breaches. and increasingly that human risk is an insider. By focusing on insiders, organizations have a powerful opportunity to proactively identify and mitigate risk well before a costly incident occurs.
September 2024 sees the next iteration of National Insider Threat Awareness Month. The event is observed annually in September. It was first launched in 2019 to help organizations and individuals better understand insider threats and encourage the development of strategies to address them.
Although it was initiated by the National Counterintelligence and Security Center (NCSC) in partnership with the National Insider Threat Task Force (NITTF) and other U.S. government agencies, many organizations and countries worldwide recognize the significance of insider threat awareness and now actively engage in related activities and initiatives.
In an earlier article, in advance of the event, Digital Journal noted the precarious risk that some employees present to the firm, in hearing from a local expert.
The advice from experts continues. For our second instalment, we take in the opinions of Carl D’Halluin, CTO, Datadobi.
D’Halluin’s focus is with the cost to businesses from insider threats. He sets out the cost to the economy: “National Insider Threat Awareness Month is a crucial reminder not to underestimate the significance of risks from within — regardless of whether they are malicious or a result of negligence. For a clearer picture of just how significant, the 2023 Cost of Insider Risks Global Report by the Ponemon Institute revealed that in 2023, the average annual cost of an insider risk rose to $16.2 million per organization, while the average time to contain an incident extended to 86 days, compared to $15.4 million and 85 days in 2022.”
Moving onto specific issues, D’Halluin looks at some of the points of weakness that can bring insider threats to the fore: “Some might be surprised to learn that it is, in fact, unstructured data that is the most vulnerable due to it being the predominant data type (80 percent of data). It is the most difficult to manage, secure, and protect, and it often contains valuable and sensitive information making it rather attractive to those that wish to exploit it for personal gain or corporate sabotage.”
Hence, wilful employee action is something to be taken seriously. Coming up with coherent solutions is important and here v recommends: “So during National Insider Threat Awareness Month – and all year long – take decisive action to safeguard your unstructured data against insider threats. Invest in your people – train and provide them with the solutions they require to gain visibility and control of your unstructured data scattered across every environment — local, remote, and in the cloud. Next, foster a culture of accountability and vigilance; because some insider threats are simply a result of human error. Your organization’s survival and success are on the line – so, isn’t an ounce of prevention worth a pound of cure?”
