Julie Taylor

Zero Trust and Selective Encryption: A Weapon Against Insider Threats

Last month, Confidencial participated in the NYC Cybersecurity Summit, where insider threats surfaced as a critical challenge faced by security leaders and their organizations. According to the previous year’s Cost of Insider Threats Global Report, insider-related security incidents continue to grow in frequency and cost, with an average of 24 incidents per surveyed organization. 


Surprisingly, the threat persists even as a growing percentage—around 63%—of organizations have adopted Zero-Trust strategies. The Cost of Insider Threats Global Report categorically states that the current approaches to insider risks are simply not working. 


Cost of Insider Threat Incidents graph

Zero Trust may be a key strategy against insider threats, but it’s currently not being implemented at every level and for every resource. Cyber threats are multi-faceted, multi-step operations, so the defenses must be multi-layered and established at every level to prevent, combat, and mitigate threats at every step. This is known as the defense-in-depth (DiD) approach. The strategy involves deploying a series of security mechanisms at different network layers to provide multiple lines of defense. If one layer is breached, the others can still offer protection.


Not All Insider Threats Are Alike


Insider threats come from within the organization. They could be caused by a disgruntled, laid-off employee deliberately taking valuable corporate data and trade secrets with them to get even. They could also be accidental—a negligent user ignoring the glaring red flags and downloading the sketchy, malware-laden application anyway. For example, they could accidentally send confidential files to “Sophie” instead of “Sofie.” 


55% of insider incidents are attributed to negligent or mistaken insiders. These accidental incidents are trickier to detect and contain because there are no suspicious behavioral patterns or reconnaissance activities that could preemptively raise concerns. So, while network-oriented security strategies like Zero Trust Network Access (ZTNA) are essential, they must be reinforced with data-centric security measures – like selective encryption – to neutralize errors and threats from the employees, users, partners, and third-party contractors that we have no choice but to trust.



How Selective Encryption Reinforces ZTNA to Neutralize Insider Threats


Zero Trust introduces different levels of trust for various roles and responsibilities, but true zero trust is impossible to achieve through ZTNA alone. ZTNA applies the principles of Zero Trust but enforces them strictly at the network layer. It uses micro-segmentation, granting users and entities access to select network segments and resources and preventing threats from moving laterally across the entire network. However, within the authorized segments, there’s little that Zero-Trust architectures can stop unless backed up by encryption.


Selective encryption (SE) is a technique that encrypts specific pieces of data, leaving the rest unencrypted. Selective encryption enforces the Principle of Least Privilege Access (LPA). This security concept ensures each user and system process has the minimum necessary access rights for their tasks. Zero Trust often operates at the network layers, while selective encryption works at the data layer. The most sensitive parts of files and documents remain inaccessible even to insiders and trusted entities, except for a few holding the decryption key, reducing the blast radius in the event of negligence or accidental data leaks: 


  • Malware exfiltrates files? The sensitive parts remain inaccessible to those without the decryption key. 

  • Was the file sent to the wrong recipient? The recipient won’t have the key and can't see the critical data. 
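
The misdirected-file case above, as an added example (not Confidencial's implementation or file format): only the named fields of a record are encrypted with AES-256-GCM, so a recipient without the key still reads the rest of the record but not the sensitive value. The record, its field names and the helpers `protect`, `view` and `demo` are constructed for illustration.

```javascript
// Added example: selective (field-level) encryption with AES-256-GCM.
const nodeCrypto = require("node:crypto");

// Constructed sample record; only `iban` is treated as sensitive here.
const SAMPLE = { invoice: "INV-1001", recipient: "Sofie", amount: 1200,
                 iban: "XX00-CONSTRUCTED-0000" };

// Encrypt only the named fields; every other field stays readable.
function protect(record, sensitiveFields, key) {
  const out = { ...record };
  for (const field of sensitiveFields) {
    if (!(field in record)) continue;
    const iv = nodeCrypto.randomBytes(12); // fresh 96-bit nonce per field
    const c = nodeCrypto.createCipheriv("aes-256-gcm", key, iv);
    c.setAAD(Buffer.from(field)); // bind the ciphertext to its field name
    const ct = Buffer.concat([c.update(JSON.stringify(record[field]), "utf8"), c.final()]);
    out[field] = { enc: "A256GCM", iv: iv.toString("base64"),
                   ct: ct.toString("base64"), tag: c.getAuthTag().toString("base64") };
  }
  return out;
}

// What a reader sees: plaintext where the key authenticates, "[protected]" otherwise.
function view(doc, key) {
  const out = {};
  for (const [field, value] of Object.entries(doc)) {
    if (!value || value.enc !== "A256GCM") { out[field] = value; continue; }
    try {
      if (!key) throw new Error("no key held");
      const d = nodeCrypto.createDecipheriv("aes-256-gcm", key, Buffer.from(value.iv, "base64"));
      d.setAAD(Buffer.from(field));
      d.setAuthTag(Buffer.from(value.tag, "base64"));
      const pt = Buffer.concat([d.update(Buffer.from(value.ct, "base64")), d.final()]);
      out[field] = JSON.parse(pt.toString("utf8"));
    } catch {
      out[field] = "[protected]"; // missing key, wrong key, or tampered field
    }
  }
  return out;
}

// Same file, two readers: the key holder and a mistaken recipient.
function demo() {
  const key = nodeCrypto.randomBytes(32);
  const doc = protect(SAMPLE, ["iban"], key);
  return { stored: doc, keyHolder: view(doc, key), wrongRecipient: view(doc, null) };
}
```

Whoever holds the key reads every protected field, so how the key is distributed and stored determines who the "few" actually are.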


Put simply, security doesn’t depend on insiders’ vigilance—it is embedded within the data through selective encryption. Together, ZTNA and SE can provide the robust, multifaceted defenses organizations need to protect against a broad spectrum of threats, especially insider risks.


But how can anyone possibly find and selectively encrypt confidential data buried in swathes of files, PDFs, and documents spread across local, on-premise, and cloud environments?


Advanced Threats and Complex Environments Need AI-Powered Solutions


It’s not just the threats that have become more sophisticated. Our IT environments have also become more complex than ever. Cloud environments – especially multi- and hybrid-cloud setups – have become essential. Cloud adoption means data is ubiquitous – spread across any local, cloud, or on-prem environment – making it intractable. It’s impossible to apply selective encryption and access controls to all this data without visibility into its location and sensitivity level. Even with the right amount of visibility, the sheer volume of unstructured data means manual processes are not feasible or practical anymore.


For comprehensive data protection, organizations need advanced, AI-powered data discovery solutions like Data Security and Privacy Management (DSPM) and some degree of policy automation. Designed to automatically discover and classify sensitive data hidden across all IT environments, DSPMs provide a comprehensive and accurate picture of the existing data security posture. However, traditional DSPM is not enough on its own – it doesn’t have proactive policy enforcement capabilities.


Confidencial adds this proactive factor to its next-gen DSPM platform to discover and actively mitigate risk at scale.


First, it automatically discovers and classifies unstructured data stored in all cloud and non-cloud environments, painting a comprehensive and quantifiable assessment of existing data security posture, showing organizations:


  • Where their data resides,

  • How much of their data is sensitive,

  • What type of sensitive data it is (PII, PHI, GDPR, HIPAA, etc.),

  • How sensitive data is being shared and accessed, and

  • Whether their sensitive data is at risk


Then, to mitigate this discovered risk, Confidencial takes DSPM a step further and proactively encrypts entire files or just the specific sensitive information within a document, depending on an organization’s data protection needs and policies.


This unmatched granularity helps apply Zero Trust principles to the data level, improving telemetry, compliance, and security in one fell swoop. It effectively neutralizes and contains all kinds of insider threats – accidental or malicious data transfers via email, USB, or any other means – without having to rely on the human factor, the insiders.


Human error is impossible to avoid, but with Confidencial, your data remains protected no matter what. Contact us today to book a live demo and see Confidencial in action!
