[April 24, 2020]

How to Quick Start an Insider Threat program

Only 38% of organizations have an insider threat program. Another 28% had planned on adding one in the next 6-12 months” according to the 2020 Insider Threats Survey by Cybersecurity Insiders. As the threats continue to rise with employees working with new tools as they adjust to working from home, threats of every kind are on the rise. With economic uncertainty looming, insider threats are predicted to increase. Employees start to get nervous and collect documents and information that they believe will be helpful to gain employment elsewhere or provide financial gain. Thus, now it is even more important to formalize an insider threat program. 

We hope this overview provides IT and security professionals a quick start guide on dealing with risky insiders, and how organizations are preparing to better protect their critical data and IT infrastructure.

Step 1: Balance business needs versus risk

Gartner recommends starting with a Data Centric Blueprint.  Looking at what the business priorities and what are the business assets in terms of data and intellectual property that are most vulnerable. 

The conversation needs to start at the strategic level identifying the priority datasets that pose the greatest risk to the business - what are the compliance risks? What are the business risks if certain information gets into the hands of competitors? What value does it have to any threat actors and malicious insiders?

Quick start action - START WITH THE “USUAL SUSPECTS”. 

High Value Assets - business critical data such as product designs, financial and customer contracts and other Intellectual Property

  • High Value Roles - roles within your organization that have access to high value assets (Finance, R&D, IT)
  • High Value Users - the executive team at your organization or VIPs

Step 2: Identify the critical datasets and establish a way to monitor them. 

The value of Data Behavior Analytics provides visibility to all data sources, how individuals interact with it and delivers insights and analytics that identify risky destinations, risky behaviors and risky users that are putting your data at risk. This allows you to have a risk assessment at a more holistic level. 


Automatically discover the risk to all your sensitive data (IP, Source code, designs, PII, PCI, PHI) and understand the usage and access behavior to accelerate business outcomes.

Hassle free process

  • no data classification
  • no policies
  • no cost

Step 3: Define data security needs. 

Knowing who has access to information is the first step.  Knowing what people are doing with your valuable and sensitive data is the 2nd. Then you can take the right actions to protect it with additional employee education, or specific security policies and tools.  It is impossible to block something when you don’t know it is a problem.


Step 4: Integrate steps into response playbooks

Following a Data Centric Blueprint can lead to a more robust Insider Threat Program which may or may not include a variety of point solutions that you may or may not already have. Data Behavior Analytics (DaBA) - a new approach from Cyberhaven is context rich, with broad visibility across all sources to all destinations. It can serve as the foundation for your insider threat programs and help you identify the gaps in current data protection tools. 


Cyberhaven automatically discovers all the locations in which your Intellectual property is going and where all your client data is being stored. It alerts you when your data is getting to risky destinations, or is being processed inappropriately by risky users (such as departing users or repeat offenders). It allows you to understand if a data leak happened accidentally or intentionally so you can remediate appropriately.

Cyberhaven allows you to understand where your data is living, how your users interact with it, and where and how it’s being shared to better manage data risk and regain confidence in sensitive data handling.

An Insider Threat program is a journey.  Cyberhaven can help you along that journey. You can get started immediately with a Free Data Assessment or learn more about the latest 2020 Insider Threat trends.


Topics: Insider Threat