EP 15 | Keep your friends close and your insider threats closer

In episode 15 of Risk Grustlers, Srikanth Chavali, Co-Founder and CPO at Kitecyber, unpacks the growing challenge of insider threats and why they remain one of the toughest cybersecurity risks to manage.
He delves into how AI is transforming insider risk management, the key strategies organizations can use to stay ahead, and the delicate balance between security and operational efficiency.
Srikanth also discusses how Kitecyber helps organizations secure their digital environments while ensuring compliance with critical regulations. His insights highlight the power of technology and a proactive security mindset in tackling insider threats.
Let's dive into some key highlights from this episode.
Watch the full episode here.
https://www.youtube.com/watch?v=Ii_m11_b9gM
Aayush: Can you share a bit about your journey in cybersecurity and what led you to co-found Kitecyber?
Srikanth: Absolutely. So, I've been in the cybersecurity and networking space for the last 30 years, and cybersecurity has intrigued me for a couple of reasons.
One of the main reasons is that it has always felt like a game of whack-a-mole. Just when you think you've solved a problem, another one pops up unexpectedly. Over the years, I realized that businesses don't just need someone reacting to threats; they need a solution that anticipates and mitigates risks before they cause disruptions.
This realization led to the co-founding of Kitecyber. Our team has received validation from customers and partners, who often tell us that visibility is great. However, data laws are changing and causing new challenges. These laws require responsible disclosures to affected customers and partners.
At Kitecyber, our goal is to strike a balance: ensuring that security measures are actionable and effective without becoming overwhelming.
Aayush: Could you share an example or two of situations where security can become overwhelming?
Srikanth: It all begins with a security incident. The first thought is, “Have we been impacted?” If so, to what extent? This concern spans the entire organization. Today, incident response is a board-level issue, and the challenge lies in managing the massive influx of data.
Cybersecurity remains fragmented, with multiple tools flooding teams with alerts. The challenge is piecing these signals together in a race against time to assess the true extent of exposure.
Public companies face added pressure to issue timely statements. The finance and legal teams step in to evaluate the potential impact. Ultimately, cybersecurity is a concern for every department, and that's when it becomes overwhelming.
Aayush: You've spoken before about insider threats. For our viewers who are new to this, can you explain what insider threats are and why they're so challenging in cybersecurity?
Srikanth: Sure. Insider threats are difficult to detect and remediate because of the way cybersecurity operates. Organizations vet untrusted entities and turn them into trusted entities, granting them access to corporate resources. Insiders belong to this trusted group, which means they can easily bypass the glass walls that protect your resources from the internet.
The problem becomes more complicated with hybrid work as the attack surface expands. In the past, users operated within a well-contained premise; now, they work from anywhere. So, from a network standpoint, insider activity often appears normal, making detection even harder.
Aayush: When you mention the endpoint as a critical part of security, what kind of activities do you monitor on employees' devices to detect insider threats?
Srikanth: We focus on the assets that matter most: users, devices, applications, and sensitive data. Instead of tracking everything the user does, we focus on these critical assets.
Monitoring these key areas provides the necessary visibility without overwhelming the system. It's about protecting valuable resources while maintaining privacy and avoiding unnecessary surveillance.
Aayush: As a company begins thinking about insider threats seriously, where should they start? Is there a phased approach you recommend?
Srikanth: The first thing to understand is that most insider threat solutions today rely on behavioral analysis, which often leads to false positives. These false alerts create a lot of noise for security teams and can result in sensitive situations if an employee is wrongly flagged.
Many existing solutions depend on probability, which carries a high risk of error. So, a more practical approach would be to understand your assets well and monitor them closely. For example, if you have critical data, placing monitoring points around it allows you to focus on what truly matters while minimizing unnecessary alerts.
Aayush: Can you share some practical examples of unusual activities or incidents that would signal an insider threat?
Srikanth: One example would be if an employee encrypts a sensitive file. This activity might seem normal on the surface, but the context lies within the device itself. If this action goes unmonitored, it could lead to an insider threat.
If that file is then uploaded to an unapproved site or storage location, it could go unnoticed because the cloud infrastructure might not raise any flags. This is why endpoint security is the key to detecting and preventing these types of incidents.
Aayush: What's the best starting point for a company looking to establish strong security practices, even if compliance isn't an immediate requirement?
Srikanth: I'd say the best starting point is always compliance, even if it's not a day-one mandate. Compliance helps set up basic security hygiene and gets the company thinking about security from the outset.
I recommend starting with something like SOC 2 to build that foundation. Once that's in place, companies should implement security controls when procuring devices.
Using tools that allow IT teams to enforce policies remotely on devices is key. Another major step is to address internet security. With phishing being such a huge threat, you need to protect users from those attacks and create basic guardrails around their online activities.
Having secure access controls for SaaS applications is also critical. Tools that consolidate these security measures into one platform, like Kitecyber, can really simplify this whole process for smaller companies.
Aayush: How can companies without dedicated security analysts or teams ensure they effectively monitor their security practices?
Srikanth: It's definitely a challenge for smaller companies. Recently, I've noticed that some venture capital firms are starting to provide access to a virtual Chief Information Security Officer (vCISO).
This is a great solution for early-stage companies that don't have the resources for a full-time CISO. The vCISO helps establish a minimum security hygiene standard and can oversee the entire security program.
This gives smaller companies the guidance they need without having to build an internal security team. It's all about clear accountability: having someone responsible for security and continuous monitoring can really make a difference.
Aayush: When it comes to mitigating insider threats specifically, how important is endpoint security, and what tools can help smaller companies with this?
Srikanth: Endpoint security is critical. Devices are often the weakest link when it comes to insider threats, so it's important to keep them secure. Companies should use tools that allow IT teams to remotely enforce security policies and ensure proper management of the devices.
Tools like Kitecyber are great for smaller companies because they simplify endpoint security by consolidating everything into one platform. They enable IT teams to easily manage compliance, security controls, and monitoring without juggling multiple tools or systems. It helps companies maintain control over their endpoints and reduce the risk of insider threats.
Aayush: How can AI and automation specifically help organizations with insider threat prevention?
Srikanth: When it comes to insider threat prevention, AI can help by tackling the problem of data discovery and classification. In the past, identifying sensitive data was challenging, especially with unstructured data, and tools often generated false positives.
But now, with generative AI, we can be much more accurate. AI helps classify data more precisely and apply the right security guardrails around it. It reduces false positives, making it easier for companies to detect potential threats before they escalate.
The key here is to get a solid grip on the data itself: understanding what's sensitive, where it is, and how it's being used.
Aayush: On the flip side, how does AI support insider threat detection once an insider has breached the network?
Srikanth: Detection is a trickier challenge. Once an insider has bypassed your network defenses, like firewalls or zero-trust models, tracking their activities becomes much harder.
AI helps by collecting signals from various sources (endpoints, networks, and cloud environments) and then correlating that data to spot abnormal behavior.
But there is a catch. It's not easy to get these signals in the first place. Without enough quality data, AI models won't work well.
So, companies need to ensure their data collection is robust. Even then, detecting insider threats requires continuous refinement of AI models to minimize false positives and ensure timely responses. It's a complex, ongoing process.



