
Bob Swanson

Compliance as a Way to Reduce the Risk of Insider Threats

Several key resources and controls can help reduce overall risk by providing guidance on proper control implementation, preventative measures to deploy, and an emphasis on organizationwide training.

Insider threats have continued to be a major factor in data breaches over the last year. According to the "2019 Verizon Data Breach Investigations Report," 34% of data breaches involved internal actors. On top of this elusive threat, business environments are growing more complex and data is becoming a more lucrative target. Bring-your-own-device (BYOD) policies and remote working have presented challenges that extend far beyond the traditional environment seen just a few years ago. However, it isn't all doom and gloom, and there are several steps to consider that enable organizations to begin mitigating this risk factor.

But what if I said that compliance could be a risk-reducing factor? That might seem incredible, but there are several key resources and controls that help reduce overall risk by providing guidance on proper control implementation, preventative measures to deploy, and an emphasis on organizationwide training.

Leverage Governance, Risk, and Compliance (GRC) Resources and Check Your Compliance Maturity
One solution for detecting and ideally thwarting insider threats is knowing your users and what their normal activities are. This is not easily accomplished and can quickly exhaust resources. Additionally, there are potential privacy violations that could occur if the increased monitoring is not properly disclosed. Have no fear, your friendly GRC folks are here! There are several key resources that are typically maintained by GRC, and they often expand and cover various compliance and regulatory requirements. These resources can help your SOC teams prioritize higher-risk environments, data, and users.

Preparation Is Key
Risk assessments and the overall risk management process can help provide guidance when the company recognizes increased risks or areas of high business criticality. Further, organizations that are more mature in their compliance positioning will also have system and communication classifications, data and privacy classifications, and classification around various accounts or groups within the environment.

Focusing on higher-risk factors and normalizing activities within these environments will provide a better vantage point into anomalous or potentially malicious activity, without exhausting resources or time. These resources identify the most likely targets, based on higher risk and business prioritization. Therefore, you can focus more robust control implementation based on objective prioritization. Depending on the incident, you can also have playbooks determine if, when, and where increased monitoring needs to be automatically applied.
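As an added illustration (not from the article or its author), the sketch below shows the prioritization just described in code: GRC classification tiers weight a simple per-user activity baseline so that a playbook escalates monitoring only where high-risk data or accounts deviate from normal. All tier values, log entries and thresholds are constructed for the example.

```python
from collections import defaultdict

# Constructed GRC classifications (assumed, not from the article):
# 1 = low, 3 = high business criticality / account privilege.
DATA_TIER = {"hr-db": 3, "finance-share": 3, "wiki": 1, "dev-repo": 2}
ACCOUNT_TIER = {"alice": 2, "bob": 1, "svc-backup": 3}

# Constructed access logs: (user, system, files_touched).
# BASELINE_LOG covers a 30-day window; CURRENT_LOG covers the last day.
BASELINE_LOG = [
    ("alice", "hr-db", 4), ("alice", "hr-db", 5), ("alice", "wiki", 20),
    ("bob", "wiki", 30), ("bob", "dev-repo", 12),
    ("svc-backup", "finance-share", 100), ("svc-backup", "hr-db", 100),
]
BASELINE_DAYS = 30
CURRENT_LOG = [
    ("alice", "hr-db", 60),       # ~0.3 files/day normally, 60 today
    ("bob", "wiki", 2),           # ordinary activity on low-tier data
    ("bob", "finance-share", 5),  # never seen on this system before
    ("svc-backup", "hr-db", 3),   # high-tier account, but within baseline
]

def build_baseline(log, days):
    """Average files touched per day for each (user, system) pair."""
    totals = defaultdict(int)
    for user, system, n in log:
        totals[(user, system)] += n
    return {k: v / days for k, v in totals.items()}

def score_events(baseline, log):
    """Risk-weighted deviation per (user, system) in the current window.
    Deviation = current volume / daily baseline (floored at 1 so that a
    never-seen pair counts fully); weighted by data and account tiers."""
    scores = {}
    for user, system, n in log:
        expected = max(baseline.get((user, system), 0.0), 1.0)
        scores[(user, system)] = (n / expected) * DATA_TIER[system] * ACCOUNT_TIER[user]
    return scores

def playbook_action(score):
    """Constructed thresholds deciding whether a playbook steps up monitoring."""
    if score >= 50:
        return "escalate-monitoring"
    if score >= 10:
        return "analyst-review"
    return "none"

def triage(baseline_log, days, current_log):
    """Map each (user, system) pair to its playbook action, highest score first."""
    scores = score_events(build_baseline(baseline_log, days), current_log)
    return {k: playbook_action(v) for k, v in sorted(scores.items(), key=lambda kv: -kv[1])}
```

Note that the high-privilege service account is not flagged because its volume matches its own baseline, while a low-privilege user touching a high-tier share for the first time is queued for review.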

Training and Awareness
Training and awareness have become a standard control objective in most compliance frameworks. General training around cybersecurity best practices and recognition of potential attacks is crucial across the organization. You will see the most benefit by adding training and exercises specific to the teams that would typically respond to and report on an insider threat. This additional, targeted training can provide many valuable lessons and enable SOC teams to respond, investigate, and integrate with other teams around insider threats.

The overall goal is to build situational awareness across the organization and empower employees to identify situations of concern and report on suspicious activities. Additional training should be catered specifically to the SOC team's operations and users who are likely to or may already be interacting with high-risk data or systems.

SOC + GRC + Legal: The Powers Combined
Although each of these groups functions individually around its own objectives, if an insider threat occurs, the three groups' paths will quickly converge. Understanding the compliance and legal requirements surrounding incident response is crucial to proper planning. After-incident reports provide essential lessons that enable each group to learn and adapt.

Because SOC teams are the primary users of security orchestration, automation, and response tools, their focus typically has been automation and streamlining. However, the SOC team can also work with GRC and legal teams not only to facilitate better incident response and case management, but also to help ensure continual adherence to any obligations set forth by various regulations and compliance requirements. Imagine the time saved if audit requests or even controls could be automated, all while maintaining a fully compliant audit trail.

As a compliance- and risk-minded professional starting to dive into security and automation, I see tremendous potential ahead. The combination of integrations, automated workflow, hybrid playbooks, and reporting capabilities may just alleviate some of the pain points surrounding compliance. These combinations might even allow compliance to empower SOC teams, and vice versa. One can dream, right?


Bob Swanson specializes in compliance and privacy and has spent more than 10 years within the governance, risk, and compliance (GRC) space from the vantage points of internal/external audit, developing compliance programs as an internal advocate for companies, and in ...
