Heading into 2022, cybersecurity leaders identified malicious insider activity as one of their top three concerns, along with ransomware and social engineering, according to the World Economic Forum’s Global Cybersecurity Outlook 2022.¹
The focus on insider threats should come as no surprise to anyone on the front lines of cybersecurity, compliance, governance, and data privacy. Nearly 70% of organizations surveyed had more than five malicious, high-concern insider incidents in 2020, according to a study by CyLab.² Incredibly, 11% had more than 100 such incidents, including financial fraud, sabotage, data theft, and workplace violence.
The challenges around insider threats have been exacerbated by the recent transformation of the workplace characterized as the Great Resignation. In 2021, more than 47 million Americans quit their jobs—the most resignations ever recorded in a year by far, according to the U.S. Bureau of Labor Statistics. The trend has continued into 2022, with 4.5 million U.S. workers quitting in March.
There is a direct correlation between unhappy employees and the increase in insider threats. The CyLab research found that organizations that deployed deterrence actions suffered an increased risk of malicious insider incidents.
The unfortunate reality is that malicious activity is only one part of the equation when it comes to insider threats. CISOs, cybersecurity professionals, risk management teams, compliance officers and others also have to deal with the fact that insiders can cause serious incidents inadvertently through negligence and ignorance. This challenge has been intensified by the increase in remote and hybrid work.
Organizations can take strong steps to identify insider risk by taking a holistic, purpose-built approach that provides a cohesive view across the organization to achieve a better understanding of relevant trends. Many organizations use machine learning to uncover hidden signs of workplace risk such as inappropriate communications, threatening behavior or actions that would negatively impact employees and the business.
Identifying insider risks is one thing; preventing them from doing serious damage or creating compliance violations is another. When it comes to remediating insider risks, many organizations deploy a simple transactional, rules-based solution such as data loss prevention. Others may deploy a more complex research-intensive solution such as general-purpose user and entity behavior analytics. However, neither of these approaches adequately addresses the full scope of insider risks.
In most cases, organizations have limited resources and tools to identify and mitigate organization-wide risks while also meeting user privacy standards. Such limitations can be overcome with the Microsoft Purview Insider Risk Management compliance solution in Microsoft 365.
With a dedicated insider risk management solution, cybersecurity teams, compliance officers, and risk management professionals can detect, investigate, and act on both malicious and inadvertent activities across the organization. A comprehensive insider risk management solution is built on four pillars:
- Transparent, enabling you to balance user privacy vs. organization risk with a privacy-by-design architecture.
- Configurable, with the ability to define policies based on industry, geography, or business group.
- Integrated, with unified workflow across a comprehensive portfolio of connected, end-to-end solutions.
- Actionable, with insights to enable reviewer notifications, data investigations, and user investigation.
A key feature in deploying a successful solution is insider risk analytics, which enables organizations to conduct an evaluation of potential insider risks without configuring any insider risk policies. This evaluation can help the organization identify potential areas of higher user risk and determine the type and scope of insider risk management policies it needs.
Taking the Next Step on Insider Risk Management
Managing and minimizing insider risk starts with understanding the types of risks in the modern workplace. Organizations can then leverage solutions designed to identify those risks and minimize potential damage through a combination of policies, investigation tools, analytics, triage, and other actions.
Insider Risk Management is part of a comprehensive portfolio of integrated, end-to-end security, compliance, and management solutions across Microsoft Purview, Microsoft Azure, and Microsoft 365 that enable organizations to govern, protect, and manage their entire data estate.
For more information on how your organization can leverage this portfolio to mitigate the risks of malicious or inadvertent insider activities, review the article “Weathering Corporate Change With Insider Risk Management” and visit Microsoft Purview Insider Risk Management.
Microsoft Purview Insider Risk Management correlates various signals to identify potential malicious or inadvertent insider risks, such as IP theft, security and policy violations, and more. Insider Risk Management enables customers to create policies based on their own internal policies, governance, and organizational requirements. The solution is built with privacy by design: users are pseudonymized by default, and role-based access controls and audit logs are in place to help ensure user-level privacy.
¹ “Global Cybersecurity Outlook 2022,” World Economic Forum, Jan. 18, 2022.
² “Insider Risk Management Program Building: Summary of Insights from Practitioners,” CyLab, May 2021.