Be it cyber attacks or the theft of sensitive data - the majority of companies recognize attacks from outside as a real danger. However, as the current Cyber Security study by IDG market research shows, only just under 20 percent of the organizations surveyed rate insider risks as a threat. A mistake that can cause great damage. As part of its "1×1 of IT security" series, Microsoft explains how companies protect themselves from insider threats.
According to the Cyber Security study, 55 percent of the organizations surveyed in the DA-CH region have been victims of data theft by former or current employees. However, to become a potential insider risk, people don't necessarily have to work for a company. Because almost as many organizations were attacked by partners from their supply chain or service providers. Ultimately, anyone with inside knowledge and access to confidential data can become a security risk and cause financial or reputational damage. The number of insider incidents in companies has doubled in the past two years, as the international study by Proofpoint and observeIT shows.
Corporate insider incidents have doubled
In order to get hold of this security risk, the security strategy of companies should start with the insider himself - i.e. with the employees, partners or service providers. Attention and transparency are the keywords. Because internal information is not always intended to be passed on. Training courses can help to sensitize stakeholders inside and outside the company to the compliance guidelines and to convey the correct handling of company data. Information protection on a need-to-know basis is also part of the strategy in many corporations: Employees can only view the information and documents that they need for their specific task.
Insider Risk Management Tools
But especially where there is intent, awareness alone is not enough. In Microsoft 365, Data Loss Prevention (DLP) therefore helps to fully automatically monitor whether someone tries to access files that are classified as confidential. The DLP can be used to prevent these files from being shared.
While DLP starts at the file level, Insider Risk Management in Microsoft 365 goes one step further. The compliance solution helps to automatically identify any type of activity that could pose a risk to the company. These include breaches of confidentiality, theft of intellectual property, fraud, insider trading or even violations of legal regulations.
Risk guidelines as a reporting function
Using insider risk guidelines, it is possible to define the corresponding types of risks and to report cases to Microsoft Advanced eDiscovery. This makes it possible for risk analysts or administrators to quickly take suitable measures so that users can adhere to the company's compliance requirements. This protection also helps in the event that employees leave a company. An appropriate insider risk management policy can automatically detect activities that indicate theft.
Zero Trust - comprehensive security
With our tools and solutions, we contribute to the security of companies. We support you in developing a holistic security strategy based on a zero trust approach. Because we are convinced that today it is no longer sufficient to protect networks from the outside with a wall and to assume that every person in it has a right.
The pandemic has made the importance of a comprehensive security strategy even more important. In the age of remote work, in which data is available on the free Internet, a distributed security model must be used. Just as cloud technology is redefining the boundaries of collaboration, our AI security applications help secure these borderless systems and inspect risk signals across all identities, devices, applications and data before access is granted.
More at Microsoft.com
About Microsoft Germany Microsoft Deutschland GmbH was founded in 1983 as the German subsidiary of Microsoft Corporation (Redmond, USA). Microsoft is committed to empowering every person and company in the world to achieve more. This challenge can only be mastered together, which is why diversity and inclusion have been firmly anchored in the corporate culture from the very beginning. As the world's leading manufacturer of productive software solutions and modern services in the age of intelligent cloud and intelligent edge, as well as a developer of innovative hardware, Microsoft sees itself as a partner to its customers to help them benefit from the digital transformation. Security and data protection have top priority when developing solutions. As the world's largest contributor, Microsoft is driving open source technology through its leading developer platform GitHub. With LinkedIn, the largest career network, Microsoft promotes professional networking worldwide.