Did you catch the new Fortinet blog on challenges of insider risk? It is worth a read:
Addressing the Challenge of Insider RiskHere are suggested strategies to minimize the risk:
- Train employees to see and report suspicious activity. In addition, run background checks on users being given privileged access to digital resources.
- Deploy tools that can monitor user behavior and activities – including policy violation and leverage machine learning to detect unusual behavior.
- Segment the network to limit activity to specific network regions. For more sensitive operations, a zero trust model can be especially effective.
- Implement configuration management tools that can quickly assess and identify improperly configured device.
- Monitor data access and file transfers, and invest in file tracking technologies.
- Implement a data loss prevention (DLP) process and related technologies.
- Strengthen identity and access management (IAM), including the use of multi-factor authentication.
- Encrypt data in motion, in use, and at rest. Invest in technologies that can inspect encrypted data at business speeds.
- Use a SIEM tool to correlate threat intelligence gathered from across the network to identify those needle in a haystack events that are impossible to detect using manual correlation.
- Use deception technologies and honeypots to detect activity that strays from assigned tasks.
Hope this helps!
------------------------------
Jeannette
------------------------------