2. They think they have it covered
Another large portion of companies are already using prevention tools like DLP and CASB to stop data exfiltration—and they think they have insider threat covered with this approach. But these tools were never designed to stop insider threat, nor were they built for today’s collaboration culture, where data is created, stored and shared largely outside of traditional network infrastructure. Moreover, prevention can’t stop everything—and a prevention-alone approach leaves dangerous gaps that security teams are left struggling to fill, not to mention the time, effort and resource strain managing and maintaining these tools pose to security teams. When a user’s risky actions do slip past prevention tools, the lack of dedicated response tools means that the investigation process is slow, difficult and ultimately very costly.
3. They assume other issues should take higher priority
Plenty of security teams fully understand the insider threat risk and recognize the gaps in their companies’ security stacks. But no security team has endless resources or budgets, not to mention infinite attention span—and many companies still rank insider threat below other security priorities. Ironically, because these companies lack a dedicated insider threat toolset, their security teams don’t have visibility into just how big their insider threat risk really is. So insider threat remains a lower priority. Meanwhile, those same visibility gaps are continually driving up costs, because whether they see them or not, insider threats are happening more frequently every day.
Acknowledging the inevitable insider threat
No one wants to admit that insider threat incidents are inevitable. But there are several factors converging to make this an awfully tough problem to completely eradicate:
- Data portability: Data is more portable than ever—and innovation demands and the increasing use of collaboration-centric tools creates new ways to move data every year.
- Ownership of data: As mentioned earlier, people feel that they own the data—the ideas—that they’ve created, and they feel entitled to take those ideas with them.
- Declining tenure & employer loyalty: To top it all off, people are changing jobs more frequently than ever—staying an average of less than three years. In other words, employees have simple means, personal motivation and moral justification to take valuable trade secrets from your company. These aren’t elaborate heists or nefarious plots; it’s just Jim from Accounting looking to make a smart career move.
Ad hoc investigations: Costs pile up ad nauseam
If an insider threat incident does happen, most organizations are left to do ad hoc investigations which are labor-intensive, inefficient and drive insider threat costs up ad nauseum. Because most companies lack dedicated insider threat tools, they need to painstakingly dig into external connections, impacted files, cloud activity, printed documents and more—slowly piecing together the story of (at least some of) what happened. The typical ad hoc investigation eats up 40 hours of an investigator’s time, per device. And then there are the potentially enormous (and ongoing) costs of letting your trade secrets get out into the world. At the very least, this embarrassment will damage your company’s reputation. More than likely, it will lead to revenue losses. Far too many companies are still unraveling the full extent of the long-term impacts on their innovation plans, product roadmap, customer relationships and more.
Proactive planning isn’t just smart—it’s cost-effective
When juxtaposed against the hidden and harsh reality of the everyday costs of reactively investigating insider threat incidents, it’s easy to see that strategically getting ahead of insider threat doesn’t just reduce the risk to your data and your business—a proactive approach will actually drive significant operational efficiencies and cost savings. Putting the dedicated tools in place today that give you the visibility to see all your data (structured and unstructured) and watch how it moves (across browsers, devices and the cloud), empowers your security team to:
- Detect insider threat incidents faster without endless alert management
- Rapidly investigate cutting the typical 24 labor hours by as much as 75%
- Respond immediately and effectively before damage is done to your business
Can you afford to wait and see on insider threat?
From “we don’t have a problem” to “we have bigger problems,” the common denominator is a reactive approach. Many companies are comfortable taking the “wait and see” approach because they think they’re not bearing insider threat costs right now. But the truth is that far too many are overlooking the very real, very high costs that inefficient, ineffective, ad hoc insider threat investigations are causing every day for their organizations. And because they aren’t adding up these hidden costs, they’re missing out on the full value of a more proactive approach. The bottom line: If you think it’s not worth the money to do it the right way (proactively), you better have the money to do it the wrong way.