^{INSIDER THREAT VISIBILITY}

REDUCING RISK AND GAINING EFFICIENCY

INSIDER THREAT VISIBILITY

REDUCING RISK AND GAINING EFFICIENCY

INSIDER THREATS AND COMPLIANCE RISKS ARE PERSISTENT CHALLENGES PARTICULARLY IN HIGHLY REGULATED INDUSTRIES THAT STORE LARGE AMOUNTS OF SENSITIVE DATA.

SHAWN AQUINO

Intelligent Compliance Product Marketing Manager, Proofpoint

STEPHANIE TORTO

Senior Product Marketing Manager, Proofpoint

JOHN PEPE

Market Development Principle, Financial Services, Proofpoint

NIRAV SHAH

Principle Product Manager, Proofpoint

^{In 2022, the annual cost of an insider threat reached $15.4m, with the equivalent cost of a data breach at $4.45 million in 2023. In the FinServ industry, these losses topped $21.3 million and $6.4 million, respectively.}

With the stakes this high, it’s little wonder that nearly two-thirds of compliance leaders in 2021 expected to spend more time and resources on risk issues in the future. But acknowledging the need for greater resources and knowing what to implement and where are two very different propositions.

The reality is, protecting our users, mitigating risks, and safeguarding sensitive data and information protection – all while enabling seamless yet stringent compliance – is not a job for a single solution. In fact, it is not a job for a single department.

Rather, security, compliance, privacy, legal and HR teams must work together, combining complementary technologies like Proofpoint Insider Threat Management (ITM), Proofpoint Archive and Proofpoint Supervision.

By working together, departments can improve the efficiency and effectiveness of detecting and preventing insider threats and compliance risks in order to enhance the security of their entire organization.

Understanding Proofpoint ITM

Around a third of data breaches are insider-driven, making an ITM solution essential to any effective cyber defence. By correlating user activity and data movement, Proofpoint ITM quickly identifies suspicious behaviour and detects insider-led incidents. Security teams can monitor all manner of user activities, from application usage and website visits to file movement and manipulation. Ultimately, ITM gives you the visibility to minimise the time to detect and prevent insider incidents – reducing human-risk and minimising financial consequences and brand damage.

Find out more

Understanding Proofpoint Supervision

Proofpoint Supervision leverages deep insights, machine learning and more to monitor digital communications and for conduct and compliance requirements. It identifies potential regulatory, legal, compliance, HR and reputational risks before they become serious issues.

Security teams can view all risk information in a single dashboard, including user violation frequency and companywide trends. Real-time alerts notify compliance teams when queue thresholds are exceeded. All review activities are fully audited, and activity history can be easily exported into the industry-standard format for easy reporting.

Learn more

Understanding Proofpoint Archive and Proofpoint Discover

Proofpoint Archive gives you everything you need for basic e-discovery, with real-time search, hold and export capabilities. It helps simplify legal discovery, regulatory compliance and long-term data access.

The central, searchable repository supports a wide range of content types from various sources for easy search, discovery and supervisory review. With Proofpoint Discover, advanced visualisation tools, technology assisted review, case management and conversation threading capabilities give you fast access to actionable insight.

With Archive and Discover, you can be sure that your critical data is secure in an easily accessible, compliant, cloudnative archive – helping you meet long-term corporate and regulatory information retention requirements.

Proofpoint Archive

Proofpoint Discover

3 examples of solutions in action...

ITM, Archive and Supervision are effective standalone solutions, helping security and compliance teams monitor risky user activity, generate actionable insight and meet regulatory requirements. They are most effective when the insights are used together to enhance and accelerate investigations. By combining these solutions – along with other controls and training programmes – organizations can proactively monitor and respond to a variety of insider-led scenarios. Three common use cases that highlight the synergies and benefits of having solutions to monitor insider threats and compliance risks are outlined below.

Use case #1

Insider trading

Unauthorised use of company data is a major concern for any business, let alone one that stores and processes massive amounts of sensitive information and IP and needs to meet stringent compliance requirements. Whether it is research and development, company financials or merger and acquisition details, organizations must tread the line between allowing relevant employees access to the data they need and stopping that data from accidental or malicious misuse and loss.
Scenario: An employee downloads a file with sensitive data related to a potential acquisition from the corporate repository. They change the name of the file to ‘Holiday Pictures’ and upload the file to their personal cloud repository.

Solution:

Proofpoint ITM detects exfiltration of sensitive data and triggers alerts based on keywords.
All activity – file download, rename and upload – is tracked and retained for further investigation.
Proofpoint Supervision detects a potential insider trading ring discussing acquisition activity.
All communication between relevant parties is analysed and retained for security teams to review.
Proofpoint Discover’s ‘Network with List’ visualization highlights further communication connections that would not otherwise have been identified.

Use case #2

Employee harassment

Defending in-depth not only helps to protect your people from cyber threats. It can help to solve issues of workplace abuse and harassment, too. By monitoring user behaviour and analysing communication, cyber security tools are a highly effective way to detect toxic work environments, investigate grievances and support claims of mistreatment.
Scenario: HR contacts Legal for help investigating possible harassment detected by Proofpoint Supervision. Initial investigations are inconclusive, and they are unable to substantiate a solid case. More context and visibility into staff communications is required. The security team is contacted for further insights into potential risky behaviour.

Solution:

Security teams use Proofpoint ITM’s search functions and filters to hunt for related threats.
With timeline views, the ITM solution maps a full picture of the event and its broader context, providing insight into what happened before, during, and after an incident.
Screenshots can be used as forensics evidence.
User information is presented back to Legal and HR in an easily digestible visual report for faster interpretation and resolution.

Stronger together

The modern way of working, accelerated cloud adoption, and high employee turnover create risks of data loss and compliance violations that won’t abate any time soon, especially for Financial Services organizations.

Use case #3

Employee departure
82% of CISOs agree that employees leaving their organization played a role in a data loss event according to our 2023 Voice of the CISO report. Departing employees are a major risk factor for data loss. Employers have little recourse over ex-employees, making the chances of finding and recovering data once it is out the door incredibly slim. However, there is plenty you can do to detect risky departing employees while they are still in your employment. Many will provide indicators of their intentions through communications and behaviour before their departure.

With advanced monitoring and investigation, you can spot the signs of potential data loss and risky behaviour before it’s too late.

Scenario: An employee sends a message about their intention to resign and take on a new role at a competitor.

Solution:

Message is detected in supervisory review and forwarded to the security team for investigation.
The employee is added to a watch list. All messaging and activities are monitored until their departure.
Detection and prevention rules are implemented to block sensitive data exfiltration and other high-risk behaviours.

To meet these challenges, organizations need visibility into risky behaviour and compliance issues that enable various stakeholders (such as security, HR, legal, compliance, and privacy) to work together effectively and efficiently to accelerate investigations and respond approximately.

Bringing together insights from Proofpoint ITM with Proofpoint’s Intelligent Compliance solutions, security and compliance professionals gain the context they need to protect the organization from insider-led data loss, fraud, and other illegal activities while enabling compliance with corporate policies and regulatory mandates. Security, compliance and employee wellbeing are not jobs for singular departments. They’re everyone’s responsibility.

When departments work together, they support each other’s objectives, increase the efficiency of their processes and create a supportive and security-conscious culture across the board.

FIND OUT MORE

Discover more ways that ITM and Compliance solutions complement the work of Compliance, Privacy, Legal and HR departments.

Download our eBook

Get your free ITM starter pack