The risk of insider threats has entered mainstream consciousness with Wikileaks damaging the sensitivity of confidential information and a rash of corporate espionage targeting trade secrets. Even trusted employees may act on impulses to misappropriate corporate intellectual property.
In 2010, an Imperva survey revealed 70 percent of employees plan to take copies of files and data when they leave their organization. According to the Federal Bureau of Investigation, the economic impact of insider threats costs the American economy more than $13 billion per year.
“The digital information age offers unfettered access for any actor trusted enough to enter our enterprise walls,” said Amichai Shulman, co-founder and CTO, Imperva. “For most organizations, insider threats have moved beyond risk into reality; however, many threat vectors can be protected against with a measured approach to business security.”
A new report catalogs information gained by analyzing the best practices and incident response tactics of the 40 organizations most effective at preventing insider threats from a surveyed sample of more than 1,000. These best practices include:
Making a case for business security: Imperva found that the best prepared organizations spend time with key stakeholders to identify risk tolerance and “worst case” scenarios in order to build effective security policies, often related to greater compliance initiatives.
Organizing for security: Imperva provides a framework to organize IT security, IT operations, HR and legal departments to implement security processes into business workflow.
Education: By instilling education programs, organizations can eliminate much of the risk that comes from employees that don’t know any better.
Control access with checks and balances: The report suggests compensating controls should be implemented to protect against administrators and super users. All employee access to sensitive information should be monitored and aberrant information should be automatically detected and reported.
The complete report is available here (extensive registration required).