The past year was challenging on a number of fronts. The almost overnight global transition to remote working as a result of COVID-19 drove most of these challenges. But none has quite captured the breach headlines as much as Insider Threat did in 2020. According to recent findings by Gartner, the number of insider incidents has increased by a staggering 47% in just two years, from 3,200 in 2018 to 4,700 in 2020. This makes sense given the current economic climate and the uncertainty that workers are feeling. Our 2021 Data Exposure Report found that employees are 85% more likely today to leak files than they were pre-COVID. Data portability in a completely virtual world has posed all kinds of visibility challenges for security teams. All of this amounts to a classic recipe for Insider Risk. You’ll notice the reference to Insider Risk vs Insider Threat; that is because the conversation has very clearly shifted to organizational risk tolerance and not necessarily the proverbial prevention strategy.
Gartner’s new Market Guide for Insider Risk Management Solutions is timely. As organizations strategize for 2021, it is imperative to understand and implement Insider Risk mitigation. Throughout 2020, Code42 had multiple opportunities to work with Gartner around the evolving category of Insider Risk Management. The Market Guide lists Code42 as a Representative Vendor and Insider Threat tool, and validates our point of view around Insider Risk Management (IRM).
TOP 10 TAKEAWAYS FROM GARTNER 2020 MARKET GUIDE FOR INSIDER RISK MANAGEMENT SOLUTIONS
- Insider Risk Management (IRM) – Let’s start with the obvious. Gartner makes a strong statement by calling out IRM vs Insider Threat. Why? Monitoring workers and ensuring working practices is about understanding organizational risk tolerance. The conversation needs to be about understanding risk, not preventing it.
- This isn’t the time to measure productivity – As Gartner points out, “Vendor-led initiatives that conflate insider threat situations with performance management risk alienate a workforce already under pressure from the effects of the pandemic.”
- The majority of Insider Risks are attributed to carelessness by end users – In our recent Data Exposure Report, survey respondents ranked employee carelessness as the second most common cause of a data breach at their organization. Gartner also points to carelessness as a big driver of the Insider Risk vs Insider Threat conversation. At the beginning of any insider breach investigation, we strongly recommend you assume the user is “innocent until proven guilty.” While insider threat targets specific individuals, insider risk takes a more holistic approach to understanding risk across the organization.
- Awareness! Awareness! Awareness! – As we’ve noted multiple times in 2020, a knowledgeable and empowered workforce is a powerful security ally. Organizations are already doubling down on security awareness training programs to turn their employees into everyday security practitioners.
- Deter! Detect! Disrupt! – As part of the core mitigation goals, Gartner describes the rule of three: deterring individuals from carrying out data exfiltration, detecting the activity itself and disrupting the effort. Significantly, the absence of “blocking” signals a sea change in the data security space.
- Data Infiltration anyone? – Much of the Insider Risk conversation is about data leaving the organization. Very little attention is given to the potentially harmful data that could be making its way in via a new employee (from a competitor). In fact, in our Data Exposure Report from February 2020, 63% of employees who were surveyed admitted to taking data with them to a new job – and doing it more than once, making them repeat offenders. Data infiltration presents all kinds of legal repercussions in the making. Glad to see Gartner drive this point home! According to Gartner: “It is also notable that while many security and risk management leaders are concerned about data exfiltration, equally worrying is the problem of new hire associates bringing intellectual property into the organization from their former workplace. This can lead to product tainting and potential legal action.”
- It takes an ecosystem to adopt insider threat technology – Much of the 2020 growth in the insider threat market is attributable to the ease and simplicity of plugging into other security tools. There is no doubt this trend will continue, as organizations realize the value of connecting an otherwise disparate security stack to provide centralized visibility.
- Focus on the data, not necessarily the user – Gartner points out “Some vendors, such as Code42, have developed data-centric monitoring applications — focusing on sensitive data in transit or at rest, but applying similar peer group analysis to identify anomalous usage patterns.” As we often like to point out with our approach, focus on the data and the user insights will follow close behind.
- UEBA and SIEM converge – Many SIEM providers today offer core UEBA functionality as part of their value add. Code42 occupies a UEBA category as part of the Gartner Peer Insights and many of the listed Representative Vendors from the SIEM category are already technology partners. The future looks bright!
- Where is DLP? – The list of representative vendors in the Market Guide represents a broad range of solutions around Insider Risk. It is interesting to note that very few DLP solutions occupy this list, given they were once deemed the solution of choice for insider threat. DLP will always occupy a strong presence when it comes to regulated data, but does this signal the arrival of a much sought-after alternative approach? 2021 will tell.
Read the full Market Guide for Insider Risk Solutions to get more insights.
Gartner Market Guide for Insider Risk Management Solutions, Jonathan Care, Brent Predovich, Paul Furtado, 29th December 2020.
Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, express or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.