With employees working from home now more than ever, phishing attacks and security threats are at an all-time high. Teleworking means that data is being accessed from outside the office in volumes that have never been seen before.
“Zoombombing” (unwanted meeting guests) and other security issues related to video-teleconferencing (VTC) software have received a lot of attention in the news. While these external problems are important to address, there is another issue to consider – insider threats.
What is an insider threat?
The National Cybersecurity and Communications Integration Center refers to it this way:
“An insider threat is generally defined as a current or former employee, contractor, or other business partner who has or had authorized access to an organization’s network, system, or data and intentionally misused that access to negatively affect the confidentiality, integrity, or availability of the organization’s information or information systems.”
The official definition used above states intentional misuse. But there are also cases of accidental abuse. External threats can arise even with the best security protocols in place. But, a lack of care or unintentional use is a ripe opportunity. These situations include things like accidentally emailing out a sensitive document or leaving data in a shared folder.
Bret Arsenault, Microsoft’s chief information security officer and corporate vice president says that “Fundamentally, a company’s employees are usually trying to do the right thing, but sometimes the intention is different than the outcome.” With that in mind, Microsoft has developed a new solution, Insider Risk Management.
How can Insider Risk Management help?
“Protect. Detect. Respond.” Insider Risk Management uses machine learning to spot trends based on user habits across Azure, Microsoft 365, and Windows applications (if Active Directory is used). This includes Teams, OneDrive, SharePoint, Outlook, and others, to name a few. Taking in this data over time can help Insider Risk Management flag potential security breaches and identify dangerous practices.
Originally Insider Risk Management was developed for internal use by Microsoft. With over 150,000 employees spanning the globe, mitigating the risk of insider threats is a top priority for the company.
The way the system works is a layered approach. In the beginning, all reports are anonymous. It gives those in charge of oversight the ability to determine whether there is a potential threat. Microsoft presented a few examples of behavior that the system will identify.
- Downloading files from SharePoint in large amounts
- Copying files to a USB drive
- Disabling antivirus or security software
- Emailing files outside of your organization
Is sensitive company financial data being downloaded in large amounts, or is it just sales material needed by a representative in the field? Are customer credit cards and personally identifiable information included? Answering these questions is key to determining whether or not there is a potential threat. Giving this data to human resource managers is critical. Right now, most companies do not have a comprehensive way to track these metrics. Insider Risk Management provides a full view.
Insider Risk Management works best for companies that have a person dedicated to overseeing security operations. This person can work with the appropriate individuals to research threats and determine a course of action.
Microsoft developed these algorithms in consultation with legal and privacy advocates, designing thresholds for when behavior is marked as a risk.
Next steps
The important thing about Insider Risk Management is its seamless integration with other services that businesses already know and use.
It’s a part of the Microsoft 365, meaning it can be configured and deployed fairly quickly. For organizations that are quickly living in a digital world, this peace of mind is a worthwhile investment.