Five years ago, almost any chief information officer (CIO) or chief information security officer (CISO) would have dismissed the idea of tolerating any risky data activity. Today, risky data activity is no longer the outlier; it’s the norm.
Over the past few years, many executive leaders have embraced digital transformation to accelerate growth, foster innovation, and drive productivity. With this transformation, collaborative, cloud-based technologies have led to new levels of innovation. The pandemic-era shift to remote work has supercharged this new collaboration culture, turning employees’ work into a very productive mix of fast-paced creation and collaboration via file sharing and editing.
The downside of this fast-paced collaboration that happens beyond the digital walls of your organization is that it can lead to insider risk: data-exposure events—loss, leak, or theft—that can jeopardize the financial, reputational, or operational well-being of a company and its employees, customers, and partners.
Collaboration drives your organization’s competitive advantage. It drives your speed to market, fosters your innovation, and helps you attract and retain top talent. Blocking the data flows associated with these activities in order to prevent risk just isn’t practical.
Collaboration drives your organization’s competitive advantage. It drives your speed to market, fosters your innovation, and helps you attract and retain top talent. Blocking the data flows associated with these activities in order to prevent risk just isn’t practical.
So the question becomes: What insider risks will you tolerate?
Embracing Risk Tolerance
Risk tolerance isn’t a new idea; it’s really the foundation of business decision making. But the concept of risk tolerance has been almost heretical in the world of data security until recently, when supporting remote workers and maintaining business continuity meant organizations had to implement new tools and adopt new ways of working—recognizing that the upsides outweighed the drawbacks.
Even before the pandemic, businesses were increasingly establishing competitive advantage by building cultures rooted in speed, agility, and collaboration, freeing employees to work in smarter, faster ways. But the pandemic was a definitive force accelerator in this paradigm shift. Nearly every organization acknowledges it must tolerate some level of insider risk; even the U.S. State Department now tolerates higher levels of cyber risk than it once did, noting in November 2020 that this shift occurred when they accepted that employees must be able to access networks off-premises.
Prioritizing What’s Acceptable (or Not)
You can’t decide which cyber risks you’ll tolerate until you see what’s happening. It’s important to examine where your organization is most vulnerable to insider risk by looking at where your data lives and how it moves across your environment. Once you have the context to know where your data is exposed to insider risk, you can determine your risk tolerance by deciding which activities are potentially outweighed by their value—and which are unacceptable.
Risk tolerance differs from one organization to the next. Some have zero risk tolerance for source code exposed via removable media. Others watch for zip file creation and movement, while others will drill into specific business documents with the word “customer” in the filename.
Once you’ve decided which activities your organization must avoid, you can decide which insider risk indicators you need to prioritize and monitor.
Insider risk indicators highlight the typical combinations of events that pose the biggest threats to data security. An employee departing your organization naturally poses a threat to data security, because the majority of employees take files with them when they leave for a new job.
Off-hours activity is another insider risk indicator. When employees operate outside their typical work patterns, they may be performing activities that introduce risk. And while some indicators represent likely malicious activity—such as when an employee changes a file extension, a common tactic for disguising its contents—the vast majority of insider risk is introduced by employees simply doing their jobs in our remote-work world, using both sanctioned and unsanctioned collaboration tools with their teams.
New Paradigm, New Approach
The new paradigm of insider risk tolerance requires a new approach to managing insider risk. To find your risk tolerance sweet spot, enabling speed, agility, and innovation while protecting your valuable intellectual property (IP) and data, you need to understand what your risk looks like.
That risk visibility demands a new data protection strategy, backed by tools that see all data activity—all users, all devices (on and off network), and all web- and cloud-based activity—and one that understands context, giving you the details you need to navigate this new and nuanced world of insider risk tolerance.
Learn how Code42 can help your organization protect data in today’s remote and hybrid world.