
Why insider risk is one of the hardest cybersecurity threats

The insider threat is one of those persistent challenges in cybersecurity. One example that shows just how insidious the threat is, cited by Code42’s president, Joseph Payne, occurred recently in the formation of a new device market. Payne asks us to imagine we’re an executive at a company developing new wearable technologies. Everyone’s hopes and dreams at the company are being poured into this technology. And then a couple of employees leave. Nothing strange there. But they go and work for a competitor. That may be eyebrow-raising, but still not surprising.

However, features the engineering teams sweated over to create ended up within the competitor's products. Now that’s troubling. So troubling that the business goes under. “That may sound like a hypothetical,” says Payne. “But that's precisely what happened to the folks at Jawbone. When people left Jawbone and went over to Fitbit. Jawbone does not exist today. The stakes around insider threats can be really, really high,” he says.

Fortunately, there is some good news about this story. The technology used to mitigate insider risk has matured considerably in recent years.

As Payne explains, the legacy way of mitigating the insider risk was to lock down the entire network, try to block everything from leaving, and keep people from collaborating or working together. But just as that approach does not work for external threats, we can't rely on locking up that level of sharing and collaboration to keep insider threats at bay. “It simply doesn't work. It's just too easy to [move] data outside of the network today,” Payne explains.

Defending against the insider threat without blocking legitimate collaboration

Even if such legacy strategies did work, it’s not the way people want to work and collaborate today. “They want to share data. They want to use Slack. They want to use Teams. They want to use Salesforce. They want to use OneDrive and all kinds of cloud applications,” explains Payne. The last thing companies want to do, even if they could technically achieve it (which they can’t), is get in the way of such sharing and collaboration efforts.

Fortunately, Payne explains that a new set of data security technologies has arisen in recent years that addresses the challenge of securing such data.

Payne details how some in the data security space, along with Code42, have chosen, rather than block the movement of files, to monitor them and score file movements based on the risk associated with the activity. “If somebody moves something to Dropbox, that's a certain score level. But if somebody is quitting the company [and moving files to Dropbox], that raises the score. If they made that into a zip file, that raises the score even higher,” explains Payne.

The notion here, contends Payne, is that the system identifies and prioritizes the risk, and the security team can decide what to act upon. “It's a very different approach,” says Payne. It’s about managing the risk, not shutting down communication and collaboration, and enabling people to use technology however they want. “It makes [security] a lot more available to companies that want to let their employees use their work laptops for more than just work. If their employee wants to access Gmail while at the office, we let them do that, knowing that we have this layer of security wrapped around our product. I think it's a more modern and efficient way for modern organizations to operate,” says Payne.
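The score-and-prioritize approach described above, as an added example that is not Code42's code and not part of the original article. The weights, field names, destination labels and sample log are assumptions constructed for illustration.

```python
import csv
import io
from collections import defaultdict

# Constructed sample file-movement log (not real data).
SAMPLE_LOG = """user,file,destination
alice,roadmap.pptx,onedrive-corp
bob,notes.txt,dropbox
carol,firmware_src.zip,dropbox
carol,sensor_specs.pdf,dropbox
dave,photos.zip,gmail
"""

# Assumed weights for illustration only; a real deployment tunes its own.
DEST_SCORE = {"dropbox": 3, "gmail": 3, "onedrive-corp": 0}
DEPARTING_BONUS = 4   # user is leaving the company
ARCHIVE_BONUS = 2     # file was packed into an archive
ARCHIVE_EXT = (".zip", ".7z", ".rar", ".tar.gz")

def score_event(event, departing_users):
    """Score one file movement. Context raises the score; nothing is blocked."""
    base = DEST_SCORE.get(event["destination"].lower(), 1)  # unknown destination: low but nonzero
    if base == 0:
        return 0  # sanctioned destination: routine collaboration
    score = base
    if event["user"] in departing_users:
        score += DEPARTING_BONUS
    if event["file"].lower().endswith(ARCHIVE_EXT):
        score += ARCHIVE_BONUS
    return score

def triage(log_text, departing_users, threshold=5):
    """Return (user, total, events) rows, highest total first, for users
    with at least one event scoring at or above the threshold."""
    per_user = defaultdict(list)
    for event in csv.DictReader(io.StringIO(log_text)):
        per_user[event["user"]].append((score_event(event, departing_users), event["file"]))
    queue = [(user, sum(s for s, _ in evs), sorted(evs, reverse=True))
             for user, evs in per_user.items()
             if max(s for s, _ in evs) >= threshold]
    return sorted(queue, key=lambda row: row[1], reverse=True)

if __name__ == "__main__":
    for user, total, events in triage(SAMPLE_LOG, departing_users={"carol"}):
        print(user, total, events)
```

Every movement is allowed to proceed; only the review queue changes, so the security team sees the departing user's archived upload first and the routine corporate share not at all.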

By George V. Hulme
