Weathering Corporate Change With Insider Risk Management

By Talhah Mir, Principal Product Manager, Microsoft

We are operating in the most sophisticated threat landscape ever seen, and coupled with the latest great disruption—hybrid work—security is more challenging than ever. Protecting your organization from external threats is only one piece of the puzzle. You also must protect your organization from the inside out, another facet of “assume breach” in your Zero Trust approach. Insider risks can be malicious or inadvertent, but they all impact one of your organization’s most important assets: your data.

Factors Contributing to Insider Risks

The Great Resignation, which saw more than 24 million people leave their jobs between April and September 2021, has created a dangerous breeding ground for insider risk to thrive. As with any amount of turnover, you run the risk of your data leaving with the employees; however, now that these numbers have skyrocketed, it is no surprise that the Great Resignation is the top priority and concern of CEOs, regardless of industry.

Hybrid work is also here to stay, and with that comes several challenges and stressors. Teams have become more siloed over the last year, and digital exhaustion is a real and unsustainable risk. According to Microsoft’s Work Trend Index report, one out of five respondents said their employer doesn’t care about their work-life balance. In addition, 54% feel overworked and 39% feel exhausted. An additional study out of CyLab, Carnegie Mellon University’s Security and Privacy Institute—conducted with support from Microsoft—found that 69% of participating organizations had more than five malicious, high-concern insider incidents in 2020, 44% had more than 10 incidents and 11% had more than 100 incidents, such as financial fraud, sabotage, data theft or workplace violence.

The CyLab report also found a direct correlation between negative deterrence actions like employee constraints, monitoring and punishment and an increase in insider risk incidents. This is further supported by a recent MIT Sloan report, which found that a toxic corporate culture is by far the greatest contributing factor to the Great Resignation and is 10X more important than compensation.

A Positive Corporate Culture Mitigates Insider Risk

There is a clear correlation among the Great Resignation, toxic corporate culture and insider risk incidents. A positive corporate culture, one in which employees are engaged, rewarded and supported, can decrease both malicious and inadvertent insider risks, such as data loss, data theft, insider trading and others. To support the well-being of your people, it’s important you create channels and mechanisms to listen to employee concerns, providing an opportunity to give and receive feedback and embrace collaboration.

Taking a holistic, purpose-built approach that can pull signals together into a cohesive view across an organization provides a better understanding of the relevant trends in the organization and better risk reduction. According to Microsoft’s Digital Defense Report, it’s for this reason that organizations are turning to machine learning to uncover hidden signs of workplace risk such as inappropriate communications, threatening behavior or actions that would negatively impact employees and the business.

Considering Insider Risk Solutions

When it comes to remediating insider risks, many organizations either deploy a simple transactional, rules-based solution such as data loss prevention (DLP) or they deploy a much more complex and resource-intensive solution such as general-purpose user and entity behavior analytics (UEBA). From our own experience and what we’ve learned from our Microsoft 365 customers, neither of these two approaches effectively address insider risks.

In most cases, organizations have limited resources and tools to identify and mitigate organization-wide risks while also meeting user privacy standards. Microsoft has developed Insider Risk Management, a solution in Microsoft 365 that helps minimize internal risks by enabling you to detect, investigate and act on malicious and inadvertent activities in your organization. With privacy built-in, pseudonymization by default and strong role-based access controls, Insider Risk Management is used by companies worldwide to identify insider risks and take action with integrated collaboration workflows.

Insider Risk Management is a great solution designed to help you uncover potential data theft or data leak scenarios. With the amount of turnover we’ve seen from the Great Resignation, it’s critical to have a tool that can detect risky behavior in real-time while flagging potential data exfiltration. Being able to identify patterns in the way employees are handling data allows security teams to stay a step ahead of those who might be engaging in unauthorized behavior, willingly or unwillingly.

Insider risks from illegal, inappropriate, unauthorized, unethical or even inadvertent behavior and actions are a major issue for all companies and can easily go undetected until it is too late. From IP data theft to data leaks to many other scenarios, protecting the data within an organization from inadvertent or malicious insider actions is paramount for any organization.

To learn more about how Microsoft’s solutions can help you act on insider risks within your organization, please read the whitepaper we developed with PWC and our guide on getting started with Insider Risk Management.