The secret to a secure organization revolves around four key elements
Insider threats have become a major issue in the past period and many information security solutions providers have focused their efforts on precisely determining how such threats can be mitigated.Security firm Imperva also contributes to this research with a report called “An Inside Track on Insider Threats,” which examines the legal, psychological, and technological tactics deployed by some high-profile organizations to address these risks.
A report published by Imperva in 2010 revealed that around 70% of employees planned to take copies of work-related files when leaving the organizations they had worked for. Furthermore, according to the FBI, the US economy suffers losses of over $13 billion (10 billion EUR) each year because of insider threats.
“The digital information age offers unfettered access for any actor trusted enough to enter our enterprise walls,” Amichai Shulman, co-founder and CTO of Imperva, explained.
“For most organizations, insider threats have moved beyond risk into reality; however, many threat vectors can be protected against with a measured approach to business security.”
After analyzing the tactics and best practices employed by 40 organizations considered to be highly effective at preventing insider threats, experts have determined that making a case for business security, employee education, control access with checks and balances, and security organizing are key elements.
For instance, education programs can be highly useful to ensure that employees are aware of the risks. Furthermore, all employees with administrative and super user rights should be monitored constantly.
IT operations, IT security, Human Resources and legal departments should be organized to implement security processes into the business workflow. Companies interested in doing so can check out the framework provided by Imperva.
Finally, the most secure organizations have spent time identifying risk tolerance and worst-case scenarios before building efficient security policies.