Complexity noun | com·plex·i·ty
- The state or quality of being intricate or complicated
- A factor involved in a complicated process or situation
If that definition sounds like a day in your life working in security, keep reading. As security professionals, we already understand this definition of complexity because we are intimately familiar with its meaning. From vulnerabilities and threats, to policies, alerts, security ecosystems and products themselves, every facet of the security industry today is complicated.
Some would argue that complexity is necessary for insider threat programs, and that it is the intricacy of the interconnected elements, the nuance, and the associated people processes that makes them effective. While it is true that the most mature insider threat programs do combine security and risk at the highest level, which makes them incredibly complex, a majority of organizations today do not have a solution for detecting, investigating and responding to data risk caused by insiders. Code42 Incydr™ can provide the foundation that actually makes it easy to reduce this risk.
Where the Complexity Begins
Technical complexity is at the forefront of the complexity challenge that security teams face. The very tools intended to make insider threat programs more effective introduce problems that degrade the insider threat team and hinder its effectiveness. I have had extensive experience building and consulting on insider threat programs at various organizations, Fortune 500 companies in technology and business services industries. In my past experience, I have seen security teams navigate through highly complex, intricate systems with great success. But I have also seen complex systems fail. This is where a simple, use-case-focused solution like Incydr can greatly reduce risk.
The Success Story
In a very specific set of circumstances, complexity can lead to success for a security team, and more specifically, an insider threat program. Success in these instances is largely due to a focus on metrics, ROI and the ability to measure the effectiveness of a security program both in terms of risk mitigation and operational cost. There must be a thoughtful and purposeful approach to using well-defined, objective metrics to calculate the effectiveness of money spent in order to ensure the cost of program complexity never outweighs the benefits. This is an important consideration for technical cost as well as people and process costs. Organizations would be wise to ensure they have an objective way to measure success, agreed upon by executive leadership and relevant stakeholders. This removes any future ambiguity about the “worth” of your insider threat program. Key metrics that successful security teams typically rely on to measure the risk reduction of insider threat programs include: