If you don’t think you’re at risk of employee data theft, think again. In fact, depending on which report you’re using as a reference, one-third of data breaches are inside jobs. Just consider these two recently released studies:
- “A Triple Threat Across the Americas: 2022 KPMG Fraud Outlook” reported that 31% of respondents suffered from fraud perpetrated by an insider in the past year.
- Cybersecurity Insiders’ “2022 Insider Threat Report” reported that 57% of organizations feel insider incidents have become more frequent over the past 12 months.
It might be argued that this increase in insider data breaches is a temporary result of the global pandemic, perhaps the culmination of employees being more disgruntled and stressed than in recent memory.
If only that were true. In 2019, prior to COVID-19, Verizon’s “Data Breach Investigations Report” found that 34% of data breaches were the result of “insider threat actors.”
How to Detect Insider Threats
Recently, Comparitech offered its list of the seven best insider threat detection tools designed to alert organizations they might be at risk of data theft. While you can visit the Comparitech website for full details, below are the seven detection tools that made its cut.
- SolarWinds Security Event Manager: Gives the best combination of insider threat control and flexibility.
- ManageEngine Endpoint DLP Plus: This data loss prevention system tracks user access to sensitive data to spot insider threats on all endpoints. Runs on Windows server.
- Datadog Security Monitoring: Provides excellent preconfigured rules for fast deployment.
- PRTG Monitor: Uses a specialized sensor to track user behavior.
- Splunk: Uses peer group analytics to track both groups and individuals.
- ActivTrak: Offers extensive threat detection paired with efficiency insights.
- Code42: Allows for extensive intellectual property protection and data monitoring.
The Problem with Detection Tools
Insider threat detection tools are just that – detection tools. In other words, these tools are designed to detect unusual activity that could put the organization at risk of a data breach, such as abnormal end user behavior.
In fact, Comparitech states that the best detection tools are those that “look for secondary indicators of a threat before fully flagging an intrusion.” From where we sit, that doesn’t stop an intrusion; it only alerts management that an intrusion has occurred, which makes the data breach fait accompli.
Moving From Threat Detection to Threat Prevention
USB port locks, network module locks, LAN cable locks, and secure USB hubs for your attached USB devices are inexpensive devices that can prevent malicious insiders from connecting their USB flash drives, external hard drives, and anything else you can imagine to your computers and/or your network.
Physically securing your data perimeter is a surefire way to protect your endpoints not only from malicious insider attacks, but also from innocent and non-wary employees who use their office computer to charge their infected mobile phone, triggering an event that takes down the entire network.
The cost of locking all computer and network ports is minimal – especially when compared to the average cost of a data breach, which is now a staggering $11.45 million, according to a recent report from Ponemon Institute’s Cost of a Data Breach Study.
In addition, when compared to the cost of a threat detection subscription service – which can run more than $5,000 per year and won’t prevent threats from occurring – we submit that a port lock device is, and forgive the pun, a steal.