Enterprise security involves both external and internal threats. Enterprises, however, typically focus on external threats. This leaves malicious activity and accidental events involving enterprise insiders insufficiently addressed. Internal threats, admittedly, are harder to detect and prevent.
In our last article, we explored the definition of an insider threat, its prevalence and enterprise readiness to combat it. According to our ‘Insider Threat Report 2022 – Singapore Edition’, 80% of enterprises agree that insider threats pose the same risk as external threats. While there is widespread awareness among enterprises of the severity of insider threats, current mitigation strategies are far from comprehensive and leave most enterprises feeling vulnerable to insider attacks. A number of gaps that continue to plague today’s enterprises limit the effectiveness of these mitigation strategies.
Tackling the disparity between IT and non-IT departments
With sufficient familiarity and insight into the mechanisms by which internal breaches might be perpetrated, IT departments are often in the best position to lead an enterprise’s insider threat prevention program. The report found that 72% of respondents felt that the IT department should be in charge of mitigating insider threats. On the other hand, 71% felt that the risk and compliance department should champion such programs, while 61% and 41% expect the board and HR department to be involved, respectively. With no clear idea of which department should spearhead and coordinate insider threat management, enterprises may find themselves with fragmented policies and many unaddressed security areas.
Non-IT departments, unlike IT departments, are inevitably much less aware of insider attacks and thus less prepared to combat them. The report found that 41% of respondents were unsure or unaware if a formal threat prevention program existed outside their IT departments, with 23% confirming the non-existence of such programs. Even the smallest vulnerability, for example an open enterprise WiFi access point, can expose enterprise assets to threats if left unmonitored. Enterprises thus need to close the divide between IT and non-IT departments’ insider threat awareness and prevention policies, ensuring non-IT employees are well-informed of the rules regulating enterprises’ cyber hygiene.
Formalizing rules into laws
With awareness of insider threats on the rise and mitigation strategies progressing well, it is about time enterprises adopted the right guidelines, practices and organizational values that can take their insider threat management to the next level.