It’s Time To Raise Our Game On Insider Threats


By Greg Moran

I’ve been working in the world of enterprise tech for 31 years now. While we’ve been discussing the digital workplace that entire time, I truly believe that we are now actually delivering on that promise. With collaboration tools that have been forged in the fire of consumer tech and adapted to the enterprise (think Teams and Workplace by Facebook), combined with the coming of age of Generations Y and Z, the digital workplace is now a reality.

As always, with great power comes great responsibility. The power of the digital workplace comes with an exponential increase in human interaction, as well as an inherent catalyst for risk creation. As collaboration platforms continue to gain traction, the concern for insider threats grows.

The concept of an insider threat is a simple one: it is a risk of breach from individuals within a given organization (e.g. employees or contractors)—either intentionally or unintentionally. I don’t know any serious enterprise around the globe that is not burning ergs on insider threat prevention. In fact, 90% of all organizations [note: link opens a PDF] feel vulnerable to a breach from an insider.

Image Source:  CA Technologies

Image Source: CA Technologies

Unfortunately, the risk level is especially high given the amount of access, knowledge and autonomy that employees possess. It’s a multi-front war with Universal Asset Management (UAM), network anomaly detection, user education and many more weapons in play.

The truth is (inconveniently), people act one way in formal meetings and another way on their company's digital collaboration network. Add in the heavily used private message features and you’ve got the potential for some serious risk.

In fact, private conversations are 144% more likely [note: this is NOT gated content, despite the 'download full report' button at the top -- just keep scrolling] to contain confidential content than public ones.

Image Source:  Wiretap

Image Source: Wiretap

3 Kinds of Insider Threats

There are 3 basic types of threats inside the workplace, including:

1. Inadvertent Actors (24% of Insider Threats)

Even when it comes to benevolent employees, there is still the risk of insider threats simply from employee negligence or ignorance. Often, employees don’t understand when their behavior, such as sending a sensitive document over a public company channel, is risky.

2. Malicious Insiders (31% of Insider Breaches)

These are the evil-doers that we often picture when speaking about insider threats. These employees either enter an organization with the intention of causing some sort of breach or damage, or become disgruntled employees who commit the act (often on their way out the door).

3. Outside Insiders (45% of Insider Breaches)

Outsiders include third-party contractors who possess some degree of access to the workplace networks. This is the largest group of insider threats. Unfortunately, some of the most devastating data breaches in recent years happened via third-party vendors generally with no bad intent.

The Role of Monitoring in Insider Threat Protection

I could extol the virtues of collaboration platforms all day long; it is simply a long-affirmed truth that we do our best work as a species when we collaborate and feel connected to others. Companies that have figured out how to do it well win in the marketplace.

However, as these company messaging platforms become more prominent, they will inevitably displace email. And now is the time to take the inherent risks of these communication platforms seriously—especially since they end up being much more casual and chatty than email. These tools were designed using a paradigm that reflects conversation, as opposed to email, which reflects interoffice mail.

This creates a scenario where inadvertent actors may accidentally and negligently share sensitive data because they put something in writing they wouldn’t ordinarily email to a colleague. For example, 1 in every 118 public communications contains confidential information. Unfortunately, this also creates more space for malicious insiders to prey on those inadvertent actors.

Enter the case for monitoring. Let’s face it, the best way to handle a breach is to avoid it. With the General Data Protection Regulation (GDPR) requiring all breaches to be communicated within 72 hours of becoming aware of the issue (which any of us that have been around the block realize is a very difficult standard to meet), we are way better off focusing on prevention.

We’ve been monitoring employee email communications using data loss prevention software for what seems like forever. In fact, as of April 2017, 78% of major companies now monitor employees’ use of email, Internet or phone.

It behooves us to come out of the chute with responsible, ethical and effective monitoring in place for the latest class of collaboration platform—one that’s been designed from the ground up to address the unique ecosystem of digital collaboration in a way that helps you manage risk, while preserving an elegant user experience.

About Greg Moran

As the Chief Operating Officer at Wiretap, Greg has a unique talent for asking the people around him to go beyond the limits they see for themselves – a standard he also adheres to, as he turned down multiple enterprise CIO jobs to join Jeff Schumann at this venture-backed software start-up. Greg leverages his extensive background in technology, strategy and digital transformation to scale the company, with a focus on sales and operations.

More About Greg