
INSIDER THREAT

If You Don’t Have the Money to Do It Right, You Better Have the Money to Do It Wrong


Todd Thorsen

Director, Governance, Risk Mgmt & Compliance

Despite reports that insider threat costs continue rising every year, the majority of companies still don’t have a dedicated insider threat program in place. This is a little misleading, however. It’s not that companies aren’t doing anything about insider threat; the problem is that most are taking a reactive approach—the “we’ll deal with it if it happens” approach. But what they’re not realizing: it’s happening every day. And because most companies are not planning ahead for what to do once an insider threat incident has been detected, insider threat costs are skyrocketing.

Why aren’t companies doing more about insider threat?

There are a variety of reasons that 4 in 5 companies still do not have a dedicated insider threat program:

1. They think they don’t have a problem

We’ll call this the hopeful/optimistic denial group. These are the companies that staunchly believe in the integrity of their employees, the ones that say “all our employees love working here, they would never do anything to harm the company.” They don’t want to risk changing their company culture by acknowledging that their employees are capable of taking valuable trade secrets. But here’s the thing: it’s not about bad people—it’s about shifting workforce culture and protecting the organization. The primary output of modern employees is ideas, and people naturally feel entitled to own the ideas they create. So it’s not surprising that most feel it’s their right to take their ideas with them when they leave—whether or not they’re aware of company policy or potential company damage.

2. They think they have it covered

Another large portion of companies are already using prevention tools like DLP and CASB to stop data exfiltration—and they think they have insider threat covered with this approach. But these tools were never designed to stop insider threat, nor were they built for today’s collaboration culture, where data is created, stored and shared largely outside of traditional network infrastructure. Moreover, prevention can’t stop everything—and a prevention-alone approach leaves dangerous gaps that security teams are left struggling to fill, not to mention the time, effort and resource strain managing and maintaining these tools pose to security teams. When a user’s risky actions do slip past prevention tools, the lack of dedicated response tools means that the investigation process is slow, difficult and ultimately very costly.

3. They assume other issues should take higher priority

Plenty of security teams fully understand the insider threat risk and recognize the gaps in their companies’ security stacks. But no security team has endless resources or budgets, not to mention infinite attention span—and many companies still rank insider threat below other security priorities. Ironically, because these companies lack a dedicated insider threat toolset, their security teams don’t have visibility into just how big their insider threat risk really is. So insider threat remains a lower priority. Meanwhile, those same visibility gaps are continually driving up costs, because whether they see them or not, insider threats are happening more frequently every day.

Acknowledging the inevitable insider threat

No one wants to admit that insider threat incidents are inevitable. But there are several factors converging to make this an awfully tough problem to completely eradicate:

  • Data portability: Data is more portable than ever—and innovation demands and the increasing use of collaboration-centric tools create new ways to move data every year.
  • Ownership of data: As mentioned earlier, people feel that they own the data—the ideas—that they’ve created, and they feel entitled to take those ideas with them.
  • Declining tenure & employer loyalty: To top it all off, people are changing jobs more frequently than ever—staying an average of less than three years.

In other words, employees have simple means, personal motivation and moral justification to take valuable trade secrets from your company. These aren’t elaborate heists or nefarious plots; it’s just Jim from Accounting looking to make a smart career move.

Ad hoc investigations: Costs pile up ad nauseam

If an insider threat incident does happen, most organizations are left to do ad hoc investigations, which are labor-intensive and inefficient and drive insider threat costs up ad nauseam. Because most companies lack dedicated insider threat tools, they need to painstakingly dig into external connections, impacted files, cloud activity, printed documents and more—slowly piecing together the story of (at least some of) what happened. The typical ad hoc investigation eats up 40 hours of an investigator’s time, per device. And then there are the potentially enormous (and ongoing) costs of letting your trade secrets get out into the world. At the very least, this embarrassment will damage your company’s reputation. More than likely, it will lead to revenue losses. Far too many companies are still unraveling the full extent of the long-term impacts on their innovation plans, product roadmap, customer relationships and more.

Proactive planning isn’t just smart—it’s cost-effective

When juxtaposed against the hidden and harsh reality of the everyday costs of reactively investigating insider threat incidents, it’s easy to see that strategically getting ahead of insider threat doesn’t just reduce the risk to your data and your business—a proactive approach will actually drive significant operational efficiencies and cost savings. Putting the dedicated tools in place today that give you the visibility to see all your data (structured and unstructured) and watch how it moves (across browsers, devices and the cloud), empowers your security team to:

  • Detect insider threat incidents faster without endless alert management
  • Rapidly investigate, cutting the typical 24 labor hours by as much as 75%
  • Respond immediately and effectively before damage is done to your business

Can you afford to wait and see on insider threat?

From “we don’t have a problem” to “we have bigger problems,” the common denominator is a reactive approach. Many companies are comfortable taking the “wait and see” approach because they think they’re not bearing insider threat costs right now. But the truth is that far too many are overlooking the very real, very high costs that inefficient, ineffective, ad hoc insider threat investigations are causing every day for their organizations. And because they aren’t adding up these hidden costs, they’re missing out on the full value of a more proactive approach. The bottom line: If you think it’s not worth the money to do it the right way (proactively), you better have the money to do it the wrong way.

Todd Thorsen

Todd Thorsen, CISSP, CISM and CIPP/US, is a director of governance, risk mgmt and compliance at Code42. Previously, Todd led the enterprise third-party security team, where he was responsible for third-party security, privacy and compliance across all retail, banking and healthcare operations.

© 2021 Code42 Software, Inc. All rights reserved.