Globally, over one-third of businesses are impacted by insider threats every year, with organizations experiencing a 47% increase in insider incidents since 2018.
Regardless of whether these incidents are malicious or accidental, the ease with which insiders can access critical information and the difficulty of identifying, tracking, and quantifying the damage they cause make this a critical risk that organizations must address.
Pathfynder is at the forefront of establishing and maturing insider threat programs for global organizations. The following case study covers an insider threat engagement with a Fortune 50 company.
A Fortune 50 company with sensitive intellectual property needed to mature its highly manual insider threat program to effectively mitigate the risk posed by its employees, contractors, and other third-party resources.
Pathfynder’s insider threat solution distills highly manual processes into automated playbooks designed, tested, and implemented by experts with over 20 years of experience. At the start of this engagement, we provided a foundational batch of playbooks which were tailored to operate within this Fortune 50’s environment.
These playbooks combined two critical components to automate threat identification, which empowered this Fortune 50’s analysts to operate more effectively:
We eventually focused our playbooks on two primary threat personas: flight risks (employees on the verge of resigning) and terminated employees. Flight risks were identified by monitoring activities associated with job sites or communications with competitors. For terminated employees, Human Resources alerted the insider threat team of an upcoming action, which enabled a review of the subjects’ activity over the past 30 days up until the date of separation.
Converting what once were highly manual processes into automated playbooks tailored to this organization was an iterative and deliberate process between Pathfynder and the security team. This investment had an immediate positive impact on this Fortune 50, significantly maturing their insider threat program and establishing it as a critical component of their defensive strategy.
These algorithms alert insider threat investigators to potential malicious activities they can track and mitigate. Program managers and company leadership receive reports with detailed findings, arming executives with critical information to make informed decisions on how best to proceed.
HOW WE GOT THERE: THE POWER OF PLAYBOOKS
Playbooks are designed to identify potential insider threats and support investigations through the collection and analysis of the insider’s behaviors. Playbooks greatly enhanced this Fortune 50’s security analyst capabilities and made their process more efficient as foundational playbooks were refined and additional playbooks added.
Below is a summary of how we advanced this Fortune 50’s insider threat program from a largely manual process to a primarily automated one:
Pathfynder is a service-disabled veteran-owned small business with offices in Washington, D.C. and Bozeman, MT. Shaped by decades of US military and intelligence community experience, we provide cybersecurity expertise and solutions trusted by small and medium-sized businesses as well as Fortune 50 companies.