Data is the lifeblood of business today – and it’s leaving organizations in droves, often unintentionally, but sometimes maliciously. The threats aren’t always coming from outside. More are coming from employees who are sitting in offices, logging into systems, and walking out the door when they leave for other jobs.
Whether through mistakes handling data or by outright stealing, insider risk is growing and it’s impacting some of the most innovative companies in the world. Insider risk can derail a company’s progress, harm its reputation, and cost real money.
So, the question for leaders to ask isn’t whether their company is at risk from insiders. Rather, they should be asking themselves: Am I prepared to detect it, to deter it and to defend against it?
Data risks are becoming more frequent. In one recent survey, 60% of users in mid-size enterprises admitted to transferring files to personal locations. That's just the number that admitted to moving files in an unauthorized manner. The true number could be much higher.
Data risks involving insider threats are also impacting more organizations: 1 in 3 data breaches involve insiders. And they're evolving: 86% of security leaders fear employees leak data to GenAI tools.
To protect data from leaking, there are key technology considerations organizations should keep in mind.
Eliminate blind spots
Organizations need unparalleled visibility. They need to see where data is moving in their environment, and they need to do that from a user perspective across endpoints, cloud platforms, and email. That means knowing whether people are uploading content to their personal cloud accounts or GenAI apps, or whether they're sharing company materials over Slack, Teams, or WhatsApp.
Mimecast’s technology tracks all those data movements and applies a set of scoring algorithms to help companies make risk-based decisions. Was the act accidental, was it behavior-based or was it malicious? Once organizations develop a picture of that risk, they can apply the appropriate response based on what the risk is.
The goal is not to alienate employees, and not to be a mechanism to overwhelm your security analysts. It's really to change cultural behavior and get employees to be stewards of handling data and information.
That's where Incydr, Mimecast's data protection solution, can help. Our mission is to provide organizations a way to proactively manage what's happening from an insider standpoint and prevent accidental data loss by applying the appropriate controls to those users who are not acting maliciously. We want to do it in a way that doesn't disrupt innovation and doesn't overwhelm security teams.
When security teams start with a block-first mentality, it often creates two problems. Employees are clever and they're motivated to get work done, so they find workarounds, which opens the organization up to new sets of threats. The other issue: too much brute-force blocking can end up keeping employees from accessing tools that they need to perform important tasks.
With Incydr, we can tailor block-and-response strategies based on what the organization sees from a threat standpoint. That can involve setting up targeted notifications or sending micro learning training clips in the moment. Organizations can build controls for low and moderate responses while blocking access to certain browsers or preventing workers from using incognito mode.
Identifying data leaks
Looking at the attack factor produced another insight. Our customers must protect against two principal kinds of employee data leaks. The first is unintentional. One customer described a situation where a well-intentioned finance employee decided to bring her work laptop to the hospital. During her overnight stay, she transferred documents using her personal Gmail account and exposed sensitive materials to a public network.
The other variety is intentional. In another incident, an HR employee who had accepted a job at a competitor tried to pilfer a list of employee names and salaries while preparing to leave the company. This information is valuable. At the new job, the data thief could have leveraged the salary data to poach former colleagues for the new company. But the theft was unsuccessful. Tracking tools detected the transaction, and security prevented the departing employee from leaving with the files.
The never-ending chase for visibility
While it’s been said that data is the new oil, at its core it behaves like water. If there is a way for it to leak out of an organization, it will. Hackers continue to get smarter. Corporate information systems get more complicated to operate. And employees take more chances with the data they come into contact with.
To protect against data theft and data leakage, organizations need to see every path data travels – coming in, going out and moving around the organization. Incydr has more than 400 risk indicators inside the product set, and powerful AI helps categorize both known and unknown sources and destinations to provide context to users.
Taking action with preventative controls
The times when organizations need to exercise the strictest controls over their data sharing are when employees are getting hired and when they're leaving their jobs. It's critical that organizations spell out clearly what employees' responsibilities are during these times. We're making it easy to get a handle on how data moves by introducing preventative controls that address everything from pop-ups to blocking the use of incognito mode. We've augmented those with integrations into CrowdStrike, Okta, Microsoft Entra, and other applications, in case organizations want to take advantage of some of the capability sets that are already in their security stacks.
Companies want to apply uniform controls across their entire organization. We'll be rolling out destination blocking, allowing organizations to prevent data from going to specific sites, and we're also going to introduce a tag-based blocking feature. So, if an organization is using sensitivity labels in its environment, and they're associated with a file that's tagged, Incydr will be able to leverage those to prevent that data and content from leaving the borders.
Saving time with agentic AI
It seems that agentic AI has become the topic of conversation in every industry – and it certainly is in security. We're building several agents for the insider threat platform, including an investigation agent that will make it easier for analysts to scale up their threat detection capabilities. The advanced investigation agent will improve analysts' ability to auto-close alerts that look like false positives and escalate alerts that could be live threats based on the quality of the data set.
Despite AI's promise for greater productivity, headlines about AI hallucinations drive home the point that a human analyst has to be part of the process. Keeping analysts tied in helps us refine our feedback loop and continue to auto-retrain models to make them smarter based on customers' interactions with the data in the environment.
It’s critical that businesses can maintain control of critical data, and Mimecast is helping customers simplify insider risk management so they can focus on what matters most.