Trust in employees is the cornerstone of a healthy work environment. It fosters collaboration, boosts morale, and encourages loyalty. However, blind trust can be perilous, especially in the age of cyber threats and corporate espionage. The ability of insiders to inflict extensive damage, often without detection until it's too late, poses a significant risk to the well-being and reputation of organizations.
Recognizing the need to address this intricate challenge, organizations are increasingly investing in strategies and programs to mitigate insider threats.
To help organizations along that path, MITRE’s Centre for Threat Informed Defense has spearheaded the development of an updated version of their Insider Threat Knowledge Base v.2.0, a comprehensive resource designed to expand understanding and combat insider threats effectively.
Next DLP is one of eight organizations that sponsored MITRE’s Insider Threat research. As an Insider Risk Management platform, we understand how important it is to automatically sequence high-risk activity signals and generate prioritized risk-scored incidents for analysts to review and investigate.
So let’s dig into what’s new in the 2.0 release.
First, the set of insider TTPs (Tactics, Techniques and Procedures) has been increased based on the analysis of hundreds of Insider Threat cases. These are cases of real insiders, not what insiders could have done, but what they have done.
Second, central to the expanded scope of the research is the incorporation of Observable Human Indicators (OHIs). By collecting and analyzing OHIs, organizations can better correlate them with known technical insider TTPs. This proactive approach enables early detection and intervention, bolstering the organization's resilience against insider threats.
While technical indicators are valuable in detecting cyber breaches, human behavior often serves as the first warning sign of insider malfeasance. By leveraging both technical and human-centric indicators, organizations can establish a multi-faceted defense mechanism that is better equipped to thwart insider threats at every turn.
Finally, TTPs provide the baseline for the mitigation mappings proposed to help organizations protect their customer data and IP. The updated framework provides a series of mitigations mapped to MITRE ATT&CK® and applies them to the techniques used by insiders.
In conclusion, the expanded Insider Threat Knowledge Base v.2.0 represents a significant leap forward in this endeavor, providing organizations with the tools and insights needed to navigate the complex landscape of insider threats with confidence and resilience. And if you’re looking for an Insider Risk solution that automatically maps high-risk detections to MITRE Insider Threat TTPs, look no further than Reveal from NextDLP.