The Biggest Threat To Data Security

Insider risk: Biggest threat to data security? Biggest driver for information governance change?

Struggling to get buy-in for data security projects? Is it time to focus on insider risk to get your board’s attention?

We get it. It’s difficult to get buy-in and budget for DLP and information security improvements until the worst happens. However, if you haven’t experienced a breach you’re in the minority…

87% of security leaders experienced a data breach in the last 12 months. Of these data breach incidents, 37% were due to external perpetrators using lost or stolen credentials and a whopping 63% were due to insider risks – over half of which were inadvertent, with the rest due to users with malicious intent.

(According to a recent Microsoft survey taken in March 2024.)

We asked attendees at our recent webinar on insider risk how their organisations manage the threat today.

[Poll chart: How does your organisation manage insider risk?]

If your approach to insider risk is reactive or non-existent, like the majority of our webinar attendees, the good news is that Microsoft’s Adaptive Protection can help anticipate and manage risky behaviour proactively.

Our webinar provided a detailed overview of Microsoft’s Insider Risk Management and its integration with Microsoft Purview. Our technical lead, Johann van Schalkwyk, explained how the system uses machine learning to detect risky behaviour and the importance of combining multiple controls to secure data. He demonstrated the setup process for Insider Risk Analytics and discussed the Cloud Essentials Compliance Accelerator Programme, which offers a comprehensive approach to deploying Microsoft Purview and managing insider risks. 

Our compliance and legal experts, Nivasha Sanilal and Melindi Dean, addressed the user privacy concerns and legal basis for deploying insider risk management. We discussed the importance of transparency and adequate notice to employees, as well as the need for a lawful basis such as legitimate interests. The discussion also covered the role of company culture in influencing insider risks and the importance of embedding compliance principles within the organisation.

Three key takeaways from the webinar:

• Importance of multi-faceted controls: Effective insider risk management requires a combination of people, process, and technology controls. Microsoft Purview’s Insider Risk Management leverages machine learning to detect risky behaviour and integrates with other security tools to provide a comprehensive security framework.

• Compliance and privacy considerations: Organisations must ensure they have a lawful basis for monitoring employees, such as legitimate interests under GDPR and POPIA. Transparency and adequate notice to employees are crucial, and these requirements should be reflected in employment contracts and privacy notices.

• Role of company culture: A strong compliance culture within an organisation can significantly influence the likelihood of insider threats. Embedding compliance principles and setting a tone of transparency and ethical behaviour from the top can help mitigate risks associated with disgruntled employees.

Catch up on the full webinar below. And please get in touch to discuss your insider risk challenges with one of our experts.
