Insider Risk vs. Malware – Why Insider Risk Requires a New Approach

Insider Risk is a fundamentally different problem than malware or external threats for security teams, which means that protecting data from insiders requires a fundamentally different approach.


Security teams focused on mitigating data loss threats are increasingly facing challenges that come from the way their own coworkers across the business get their jobs done. Years of digitization, hybrid and remote work, and empowering employees to collaborate effectively from anywhere have changed the structure of data in most organizations.

Annual Code42 Data Exposure Report research shows the Insider Risk problem keeps getting bigger. Employees are 85% more likely to leak or take data today than pre-pandemic, and there’s a 1 in 3 chance that you’re losing critical intellectual property every time an employee leaves the company. But it’s not just the proliferation of cloud tools and remote work that’s accelerating the problem. In many ways, the mindset and strategies that security teams use to attack insider threats are actually aggravating the issue.

Conventional threat response is a game played in black and white

Until about four years ago, the predominant risk to data was from malware and other external threats, which meant “hunt and block” was the name of the game in enterprise security operations. In that world, speed is critical, and the military mindset that guides the tools, strategies, and language of data security and cybersecurity makes perfect sense. But defending against external actors and malware is a game played in black and white. There are clear demarcations between threats and non-threats. There is zero tolerance for malware — it needs to be definitively stopped.

The adversarial approach is logical: There are only good and bad actors, so there’s no discussion of how to get the bad actors to act … less bad. And there’s no need to bring in HR or Legal because these threats come from outside your organization — you just need to act fast to block the threat.

Insider Risk management is a game of nuance — played in full color

Insider Risk is a fundamentally different problem than malware or external threats for security teams, which means that protecting data from insiders requires a fundamentally different approach. Insider Risk isn’t a black-and-white game with clear sides; it’s a game of nuance, played in full color. These aren’t external bad actors — they’re your colleagues. But their inside access can lead to Insider Risk that causes more damage much faster. Some unintentionally expose data as they try to get work done faster, more easily and effectively. Then there’s the rare-but-alarming malicious insider, who uses their insider access to cover their tracks by making intentional IP theft blend in with the noise of everyday productivity.

The conventional security mentality makes Insider Risk worse

Military-inspired language, strategies, and mentality (e.g., hunting down and neutralizing threats) common for malware don’t work with Insider Risk. In fact, they only make the problem worse. Put another way, applying the conventional security mentality to Insider Risk puts the security team in an antagonistic position with people who could be effective partners. The twitchy “trigger finger” on DLP, CASB and other traditional blocking tools shoots down far too much legitimate, valuable, and harmless employee activity. This “friendly fire” impedes productivity and collaboration — and directly works against the speed, agility, and innovation the C-suite is driving toward. Moreover, a DLP or CASB only alerts you to bad actions that you’ve already told it to look for — what about all of the other risk that you didn’t specify?

Protecting and enabling the business

No one wants to be a business blocker. And with more organizations prioritizing innovation, collaboration, and agile productivity, security teams feel more pressure than ever: Leadership demands that you stop breaches and keep the company out of the headlines — yet impeding innovation and productivity could similarly cost security leaders their jobs. Insider Risk Management programs stop data exposure with controls frameworks that take into account the severity of a risk and offer proportional options. This shift in approach results in expanded control over the data leaving your organization and secure work habits to decrease future chances of employees putting data at risk.

Copyright © 2022 IDG Communications, Inc.