The Incydr™ Scoop: Recognize & Prioritize Insider Risk Signals
Vice President, Portfolio Marketing
Our customers are innovators, trailblazers and the leaders of tomorrow. Their source code, customer lists and 2021 go-to-market strategies are the lifeblood of their organizations. While our customers’ employees work together to design products and VR systems, conduct research, and so much more, their security teams are working to balance collaborative cultures with the overwhelming amount of risk that organizations experience. Incydr helps make this balance possible by enabling security teams to pinpoint specific insider risk indicators amid the enormous volume of data exposure that occurs every day.
What data is exposed: the files
Let’s be honest, you couldn’t care less about a file being exfiltrated if you can determine with certainty that the contents of the file are not important. This is obvious and simple; yet this is where we see too many organizations overestimate the efficacy of their current technology, processes and policies. High-value data (the crown jewels and IP) is being exposed every day. On average, a typical employee causes 20 file exposure events per day. The numbers don’t lie. We found that in the past 30 days alone, literally millions of files were exposed.
Who and where data exposure is happening: the users and vectors
At the end of the day, data risk is all around us. It can occur on the weekend or the day before an employee quits to work for a competitor. When the sheer volume of data risk is measured in the millions, additional user and vector context is critical in order to recognize and prioritize the risks that require immediate investigation and response.
For example, data exposure at 1:30 pm on a Tuesday is not as alarming as data exposure that occurs outside of a given user’s normal working hours – say on a weekend. Or consider other user context, such as exposure that occurs two days before a user resigns or after they are put on a performance improvement plan. To recognize and prioritize insider risk, user context matters as much as file context.
Correlating user context (when a user works) with vector context (how data is moving) paints an even clearer picture of insider risk. For example, what if we knew that over one-third (34%) of the data exposure events occurring over a weekend involve a removable media device? With weekend and remote work being the new normal, this alone may not be alarming (unless you have a strict policy against removable media use), but when coupled with the fact that the user never works on the weekend and the files copied contained source code, this would be a strong indicator of insider risk and/or exfiltration.
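The correlation described above, as an added example that is not Incydr or Code42 code: each exposure event is checked against file, user and vector context, and events where more of those dimensions fire are ranked first. The field names, category labels, three-level scale and sample events are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime

HIGH_VALUE = {"source_code", "customer_list", "gtm_strategy"}  # assumed labels
LEVELS = {0: "low", 1: "low", 2: "medium", 3: "high"}          # assumed scale

@dataclass(frozen=True)
class Event:
    user: str
    when: datetime
    vector: str         # how the data moved, e.g. "removable_media"
    file_category: str  # what the file contains

@dataclass(frozen=True)
class UserContext:
    work_days: frozenset     # weekdays normally worked, 0 = Monday
    work_hours: range        # normal local working hours
    departing: bool = False  # resignation pending or on a PIP

def signals(event, ctx):
    """Return the context dimensions (file, user, vector) that fired."""
    fired = set()
    if event.file_category in HIGH_VALUE:
        fired.add("file")
    off_hours = (event.when.weekday() not in ctx.work_days
                 or event.when.hour not in ctx.work_hours)
    if off_hours or ctx.departing:
        fired.add("user")
    if event.vector == "removable_media":
        fired.add("vector")
    return fired

def triage(events, contexts):
    """Rank events so those with the most correlated dimensions come first."""
    scored = [(len(signals(e, contexts[e.user])), e) for e in events]
    scored.sort(key=lambda pair: pair[0], reverse=True)
    return [(LEVELS[n], e.user) for n, e in scored]

# Constructed sample data, not real telemetry. 2021-03-06 is a Saturday.
CONTEXTS = {
    "alice": UserContext(frozenset(range(5)), range(8, 18)),  # weekdays only
    "bob": UserContext(frozenset(range(7)), range(8, 18)),    # works weekends
}
EVENTS = [
    Event("alice", datetime(2021, 3, 2, 13, 30), "cloud_sync", "source_code"),
    Event("bob", datetime(2021, 3, 6, 10, 0), "removable_media", "personal"),
    Event("alice", datetime(2021, 3, 6, 10, 0), "removable_media", "source_code"),
]

if __name__ == "__main__":
    for level, user in triage(EVENTS, CONTEXTS):
        print(level, user)
```

A weekend copy to removable media by a user who routinely works weekends fires only the vector dimension, while the same copy of source code by a user who never works weekends fires all three.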
The bottom line
Today, organizations are moving faster than ever. They’re connecting people, technology, and data to drive productivity, teamwork, innovation and speed to transform the employee and customer experience. And they are doing it largely as a remote workforce. We call this phenomenon the collaboration culture. In the collaboration culture, the faster, more productive and more innovative organizations are, the more dynamic, pervasive and urgent breaches of sensitive information (crown jewels) and intellectual property (IP) become. We call this problem Insider Risk.
To manage and mitigate Insider Risks to your crown jewels, you need faster, more accurate risk recognition, prioritization and thus remediation, and it cannot disrupt the very productivity, teamwork, innovation and speed – the collaboration culture – that is in place. Let’s face it, millions of data exposure events – Insider Risks – are happening on a daily basis. To cut through the noise, security teams need to correlate file, vector and user context. More data is not the answer. Better signal, simplicity and speed are the only way security is going to keep pace with the Insider Risks that come with the collaboration culture.
As vice president of portfolio marketing at Code42, Mark leads the market research, competitive intelligence and product marketing teams. Mark joined Code42 in 2016 bringing more than 20 years of B2B data storage, cloud and data security experience with him, including several roles in marketing and product management at Seagate.