Today’s workforce is dispersed and data-dependent. Users are frequently off the corporate network, data is highly portable, and cloud collaboration and file-sharing technology is widely used. It is no surprise, then, that insider risk is causing more alarm than ever.
According to Michelle Killian, senior director of information security at Code42, a software-as-a-service (SaaS) provider specializing in insider-risk management, “Insider risk is one of the fastest rising dangers that businesses today have to face.”
Insider threats are frequently unintentional and simply the product of human nature, but a large portion of the time they are malicious, Killian noted: “insiders can expose, leak, or steal data at any moment.”
What is insider risk?
Anyone who has access to a company’s data or systems is considered an insider, including employees, independent contractors, partners, and vendors.
Insider risk arises when sensitive corporate data, including intellectual property (IP), digital assets, client lists, trade secrets, and other company “crown jewels,” is moved to untrusted locations such as personal devices, email accounts, or cloud destinations.
According to Killian, “Such data transfer offers significant competitive, financial, privacy, and compliance risk.”
Insider threats often include the following actors, according to Joseph Blankenship, vice president and research director for security and risk at Forrester:
- “Accidental” actors: Insiders who cause harm through negligence, error, or by lawfully evading security measures. According to Blankenship, a 2021 Forrester study showed that 33% of data breaches attributed to insiders were unintentional or accidental.
- Compromised accounts: External actors who obtain access to valid user credentials and user accounts and use them to steal data or damage systems.
- Insiders with malicious intent: Those who purposefully steal data, engage in fraud, or damage assets. These are the individuals who come to mind when the term “insider danger” is used, according to Blankenship. He cited a 2021 Forrester study that revealed that 35% of insider-caused data breaches were the result of malice or abuse.
Ransomware “mules” have been observed bringing malware into business networks in order to get around external controls, according to Blankenship. Another trend is the recruitment of insiders by outside parties, which may happen voluntarily or as the result of social engineering, bribery, or blackmail.
In the end, according to Blankenship, “insiders have knowledge of systems and data that other players do not have. They may also be aware of the security precautions that businesses have put in place to protect data or keep an eye on behavior, and they may try to circumvent those precautions.”
Security weak points
Data ownership and entitlement issues can be complicated. Companies may fail to enforce their data policies or be unclear about them. As a result, Killian added, when employees quit or otherwise leave, they frequently take their files with them.
According to Code42 research, around two-thirds of employees who have taken data to a new employer had done so before. Of those, 60% acknowledged doing so to help them in their current positions. Additionally, 71 percent of businesses admitted that they are unaware of the extent to which departing employees are stealing critical information.
Employee workarounds are another “difficult data-security blind hole.”
Since entering credentials repeatedly may get tedious, security measures are frequently seen as difficult or even detrimental to productivity, according to Killian. Employees will occasionally send files to personal email addresses or save them to personal cloud drives as a workaround, leaving the files vulnerable to hacking.
Employees frequently just want to get their work done, but when company rules slow them down, they make mistakes or cut corners, according to Killian.
Furthermore, there is a “breeding environment for insider data leaks and theft” due to the enormous overlap between cloud-based personal tools and workplace collaboration tools, such as Google Drive.
Organizations frequently use domain-based techniques to detect the uploading of source code or trade secrets to unauthorized locations. However, she noted, these tools do not have separate subdomains for business and personal use, which makes it hard to tell from the domain alone whether data is at risk.
Run a company? You already have insider risk
According to Blankenship, organizations of all sizes must understand that they already face insider risk, to varying degrees. Because these insiders are “notoriously difficult to detect,” organizations must deliberately work to stop them, and ideally cut them off from the beginning.
This process, he suggested, should include:
- Enacting robust policies and procedures.
- Actively engaging with and training staff.
- Forming stakeholder alliances and teams.
- Implementing detection and monitoring technology.
Killian also points out three essential elements of mitigation:
- Establishing an open, security-focused culture.
- Delivering suitable security and awareness training.
- Putting in place technology that makes data movement visible.
She went on to say that changed file extensions or file movement after hours can be signs of risky behavior. Employers should also pay attention to staff members who have access to files from highly sensitive projects or who are about to leave the organization.
The technologies used for insider risk management (IRM) and insider threat management (ITM) can track, prioritize, and filter risk events as well as track the movement of files to non-corporate destinations such as personal computers, cloud storage, and other networks. These are frequently coupled with IAM software, which pulls in internal data.
A growing number of businesses provide IRM tools, including Code42, Proofpoint, InterGuard, Ekran System, and Forcepoint.
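The signals described above (after-hours movement, a changed file extension, a departing employee, a sensitive project) and the limit of domain-only rules for shared cloud hosts can be combined in a simple triage pass. This is an added example, not code from the article or from any vendor named in it; the event field names, the working hours, the `corp.example` domain and the availability of a logged destination account are assumptions.

```python
from datetime import datetime

# Assumptions (not from the article): field names, an 08:00-18:00 working day
# in the log's local time, and "corp.example" as the corporate account domain.
CORP_DOMAIN = "corp.example"
SHARED_CLOUD_HOSTS = {"drive.google.com"}  # one host, personal and business accounts
WORK_START, WORK_END = 8, 18

def destination_signal(event):
    """Classify the destination; the hostname alone cannot separate accounts."""
    host, account = event["dest_host"], event.get("dest_account")
    if host in SHARED_CLOUD_HOSTS:
        if account is None:
            return "ambiguous_destination"  # a domain-only rule cannot decide
        return None if account.endswith("@" + CORP_DOMAIN) else "personal_cloud_account"
    if host == CORP_DOMAIN or host.endswith("." + CORP_DOMAIN):
        return None
    return "non_corporate_destination"

def risk_signals(event, departing, sensitive):
    signals = [s for s in [destination_signal(event)] if s]
    hour = datetime.fromisoformat(event["time"]).hour
    if not WORK_START <= hour < WORK_END:
        signals.append("after_hours")
    if event["original_ext"] != event["uploaded_ext"]:
        signals.append("extension_changed")
    if event["user"] in departing:
        signals.append("departing_employee")
    if event["project"] in sensitive:
        signals.append("sensitive_project")
    return signals

def triage(events, departing, sensitive):
    """Return (user, file, signals) for flagged events, most signals first."""
    rows = [(e["user"], e["file"], risk_signals(e, departing, sensitive)) for e in events]
    return sorted((r for r in rows if r[2]), key=lambda r: len(r[2]), reverse=True)

def ev(user, file, time, account, orig, up, project, host="drive.google.com"):
    return dict(user=user, file=file, time=time, dest_host=host, dest_account=account,
                original_ext=orig, uploaded_ext=up, project=project)

# Constructed sample events, all uploads to the same hostname.
EVENTS = [
    ev("alice", "roadmap.pptx", "2024-03-04T10:15:00", "alice@corp.example", "pptx", "pptx", "marketing"),
    ev("bob", "engine_src.jpg", "2024-03-04T23:40:00", "bob@mail.example", "zip", "jpg", "engine"),
    ev("carol", "notes.docx", "2024-03-05T14:00:00", None, "docx", "docx", "marketing"),
]
if __name__ == "__main__":
    print(triage(EVENTS, departing={"bob"}, sensitive={"engine"}))
```

All three uploads go to the same host, so a hostname rule treats them alike; only the account the upload was made under separates the corporate upload from the personal one, and the event without that field is surfaced as ambiguous.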
Collaboration without sacrificing security
However, according to Killian, technologies should detect risky file transfers without impeding the culture of collaboration and worker productivity within a company. The easiest approach, according to her, is to create a layer of security around collaboration tools so that workers can still complete their tasks quickly. This is especially important for remote workforces.
The moment to safeguard data in a way that enables people to operate uninterrupted, wherever they may be, is now, according to Killian.
What happens if — or, more likely, when — a dangerous insider is discovered?
Security analysts need to make sure that communications are done with sensitivity, empathy, and prudence, according to Killian. “You wouldn’t treat a coworker in the same manner as an outside assailant.”
Employee education is also crucial; it should be stressed during onboarding, repeated throughout employment, and emphasized throughout offboarding. In the emerging hybrid-remote work contexts, more than half (55 percent) of businesses are concerned that employees’ cybersecurity procedures are lax.
Existing training approaches need a redesign to be effective, according to Killian. “Training should be actionable, hyper-targeted, and bite-sized to present end-users with the right-sized reaction lessons when they engage in careless or unintentional user behavior,” she said.
An expanding issue
The transition to remote work has, in Killian’s words, produced “the ideal storm” for insider risks and threats. The security visibility of remote and hybrid work is significantly reduced, and file-sharing technologies make it simpler than ever to send sensitive data.
The following are cited as reasons for this:
- Networks lacking security (71 percent).
- Employees who don’t adhere to security procedures as strictly as they should (62 percent).
- Employees being more likely to use a personal device (55 percent).
- Employees’ perception that companies do not track file movement (51 percent).
Additionally, insider risk “will increase as we enter a period of economic uncertainty and possibly layoffs,” predicted Blankenship. “Two strong drivers of insider threat are fear of layoff and economic misery.” If there is a silver lining, it is that more people are aware of organizations.