While insider threats have always been a concern for federal agencies, the COVID-19 pandemic has escalated the threat. A record number of agency employees working from home has created an environment that is highly vulnerable to security threats. From Virtual Private Networks (VPNs) to the use of personal devices and home printers, the likelihood of an insider threat attack being successful has increased in the last seven months. Not only does this increase the risk of exposing critical data to adversaries, but the rising cost of insider threats also introduces an additional burden to federal agencies.
Josh Epstein, Vice President Marketing for Insider Threat Management at Proofpoint, said that “understanding the full context around user activity is a foundational element of understanding insider threats.” Insider threats can come from accidental data leakage, malicious activity of purposeful compromise of internal resources, social engineering by external actors to compromise internal individuals, and email account compromise. According to a recent report that surveyed over 200 organizations, the overall cost of insider threats rose from $8.76 million in 2018 to $11.45 million in 2020, a 31 percent increase in just two years.
To build an effective Insider Threat Management program, an agency must respond quickly to an incident and minimize the overall impact. Based on research from the Ponemon Institute, “it takes an average of 77 days to contain each insider threat incident [and] only 13 percent of the incidents were contained in less than 30 days.” With such an extensive dwell time, bad actors have ample opportunity to exfiltrate data and inflict a high degree of reputational and financial damage.
For Epstein, identifying and preventing insider threats requires a different perspective and approach from mitigating external threats. Preventative steps exist today, but there is still a need for a solid solution to insider threats. Epstein explained that, through trusted partners, agencies are able to “protect against data loss and brand damage involving insiders acting maliciously, negligently, or unknowingly[, by using a system that] correlates activity and data movement, empowering security teams to identify user risk, detect insider-led data breaches, and accelerate security incident response.”