Proactively reduce insider threats across the enterprise

According to the Verizon Data Breach Investigations Report, negligent insiders are by far the most common insider risk to any organization, responsible for 62% of all data security incidents. Malicious insiders are responsible for just 14% of insider data breaches. The remainder of cases involved stolen credentials.

Despite being more common, negligent insider threats are typically the least damaging to the enterprise. The average cost of remediating insider negligence was just over $300,000 in 2020, compared with over $750,000 when a malicious insider was the cause of a data breach. Malicious insiders can do more damage by deliberately targeting a company’s most valuable data and evading attempts to be identified.

Overall, insider risk of all kinds is responsible for just 20% of data breach incidents. The other 80% involve external threat actors. However, the cost of remediating an insider breach is much higher — the average insider exfiltrates 10 times more information than the average external threat actor.

Collaboration tools are software applications that enable individuals and teams to work together more effectively and efficiently. These tools are designed to facilitate communication, document sharing, project management, and workflow automation across the enterprise. Top collaboration tools include Slack, Microsoft Teams, Webex by Cisco, Zoom Team Chat, Google Drive, Workplace from Meta and more.

Collaboration tool data differs from traditional business communications in several key ways. Emails are highly structured, defining who sent and received their contents. They create linear chains of communication that are simple to follow. By contrast, collaboration datasets are much more complex, with conversations flowing seamlessly between public, private, and group chats. Collaboration messages can also be revised or deleted, which is rarely possible once an email has been sent. The Aware platform was built for and normalizes collaboration datasets, adding critical context that would otherwise be lost.

The privacy of collaboration messages depends on how they are sent and stored, and what settings or third-party applications the workspace owners implement. In general, direct message conversations between two users are private and can only be seen by those users. However, messages sent in public channels or private groups can be seen by all members of that channel or group. If a company collaboration tool allows external vendors to be added to channels or groups, that third party can also view all the messages they contain. Additionally, workspace owners and administrators can gain access to all the content in their collaboration tools, including messages, files, and other data. Employees should follow company policies governing the appropriate use of collaboration tools and use best judgment when sharing or uploading information within collaboration conversations.

Disgruntled employees are a rising concern to modern enterprises. They are workers who are unhappy, dissatisfied, or resentful in their job. They can pose a significant problem for organizations, as they may become unproductive, engage in negative behaviors, or even actively work to harm the company's reputation or operations.

Collaboration tools open up new opportunities for toxic or disgruntled employees to disrupt or even sabotage the organization. Because collaboration tools can sync messages and files in real time across multiple devices, they make it much easier to exfiltrate information. All a disgruntled employee needs to do is send themselves a sensitive file in a collaboration message, sync that message through their phone or personal computer, save the file and delete the message. If organizations do not deploy a platform like Aware that ingests collaboration messages in real time, that entire transaction can go undetected.

Another risk posed by collaboration tools is in the data they contain. Sales tactics, intellectual property, merger and layoff conversations are common to most company collaboration datasets. In addition, legally protected information such as personally identifying information (PII), protected health information (PHI) and payment card industry (PCI) data can all exist in collaboration datasets unless an organization takes proactive steps to detect and remove them. Aware enables this functionality with real-time AI/ML workflows that automatically identify and flag sensitive information within collaboration.

Insider risk can be hard to detect in any organization, but disgruntled employees do make themselves known through their actions. Aware built the industry’s leading natural language processing (NLP) and sentiment scoring models, built for the nuances of collaboration datasets and trained on millions of real collaboration messages. As Aware ingests collaboration data, artificial intelligence workflows analyze and score the sentiment of messages and deliver results normalized for each individual organization. That sentiment scoring provides greater insight into how the mood shifts within the organization, where negativity is strongest, and where toxicity starts to take hold. These insights enable organizations to be proactive about addressing areas with a high potential for insider risk.

Because insider risk comes in many forms, Aware provides a wide range of configurable workflows to identify and take automatic action on insider threats. These include automated workflows to detect personally identifying information (PII), protected health information (PHI) and payment card industry (PCI) data using regular expressions (regex) and Boolean logic. Aware also uses AI analysis to detect password sharing in collaboration, and each organization can create customized workflows that target specific insider knowledge and proprietary information.

Aware can further identify unsanctioned use of collaboration tools based on data type, for example sharing code snippets or restricted files can also trigger automated workflows. And Aware’s industry-leading natural language processing (NLP) models support early identification of harassment, bullying, hate speech and toxicity within collaboration tools.

Aware supports all major collaboration tools, including Slack, Microsoft Teams, Webex by Cisco, Zoom Team Chat, Google Drive, Workplace from Meta and more. See our Integrations page for a comprehensive list. Thanks to Aware’s Context API, enterprises can also connect their own workplace collaboration solutions with Aware’s intelligent data fabric, providing insights and analysis to almost any collaboration dataset.

Aware was built to help innovative companies mitigate risk and realize the value locked within their collaboration tool data. Aware ingests collaboration messages in real time and infuses them with intelligent analysis that reveals the hidden context of how modern businesses run. From Aware’s contextual archive, businesses can access a range of use cases, including: data loss prevention (DLP), forensics and investigations, compliance adherence, eDiscovery, employee experience, toxic hot spot detection, information governance, business feedback loops and key initiative tracking.