Anybody who works towards a company’s interests and indirectly or directly contributes to its success is considered an insider. Insiders’ acts are critical since they can access an organization’s sensitive information and systems. Workers and executives are insiders, but so are former employees, partners, contractors, vendors and services, facility staff and board members. Every organization benefits from them, but they may pose a serious risk if ignored.
Insider threats involve a trusted user exposing a company’s valuable data. It could be a malicious insider directly stealing corporate information, a straightforward human mistake or the accidental exposure of sensitive data by a negligent agent. No matter the motivation, the impact of an insider threat can devastate any business. The threat is further increased by the shift to more distributed working models, like BYOD and work-from-home.
The Root Cause of Insider Threats
Insider threats are growing in volume and frequency, and on average they now take longer to contain. The impact on an organization is significant, as is the cost of remediating its systems, restoring trust and reputation, and returning to the status quo ante.
Undoubtedly, the root cause of insider incidents is the human factor. Insider threats do not stem only from people’s bad intentions. Careless employees who lack training and basic cybersecurity awareness, a problem intensified by the extensive acceptance of hybrid and work-from-home models, are involved in more than 50% of insider threat cases. The rest are due to malicious insiders or disappointed trusted ones who vengefully decide to put their businesses at risk.
Insider Threats Are Overlooked
Surprisingly, the insider threat is still underestimated. Recent reports showed that only one in five businesses are concerned about negligent insiders. This demonstrates that companies are not yet ready to embrace an increase in “relaxed” and flexible attitudes among employees. As a result, they are not taking adequate steps to limit the dangers of irresponsible insider threats. After all, insiders are the trusted ones for an organization.
Unfortunately, careless insiders working from the comfort of their homes can easily bypass the threat prevention mechanisms usually set up to protect a business from cyber-criminals and malicious outsiders. Additionally, unintended and erroneous insider acts blend in with normal work behavior and give no danger signal or abnormal spike to security teams and systems.
The ‘Home Sweet Home’ Insider Threat
The pandemic altered work habits, as over 70% of employees worked remotely. That abrupt, temporary solution seems to have become a permanent arrangement. A Gartner report brings good news for workers and nightmares for security professionals, as most companies wish for a permanent shift to remote work. Gitnux highlights the growth of remote work options by more than 1100% between March 2020 and the end of 2021, while the expected growth rate of full-time remote work over the next five years has doubled. CEOs tend to consider remote collaboration a permanent strategy, while Zippia’s research mentions that 74% of US companies are using or plan to implement a permanent hybrid work model.
The human factor has always been a significant cybersecurity risk, involving mental processes, perception, reluctance, ignorance and mood swings. Businesses have more control over people working in an office than remotely, as securing, identifying, flagging and limiting suspicious activity is easier. Maintaining the same level of cybersecurity preparedness in light of the developing work-from-home culture has become more complex. The reasons are numerous:
- Personal devices. According to an IBM study, the percentage of unverified personal devices and tools used for business use exceeds 50%. Another astonishing fact is that six out of 10 respondents mentioned that their employer had not given them any tools to secure their devices.
- Wi-Fi networks. It is common knowledge that many employees use unsecured public Wi-Fi networks to access sensitive business information and data without any protection.
- Poor data management. In many cases, employees accidentally violate security regulations and download sensitive corporate data onto their unsecured devices, placing the data outside their organization’s control and creating regulatory risk.
- Training. Lack of good cybersecurity training results in unaware and negligent employees. Remote workers who still need training in adequate security hygiene practices are a significant risk to a company’s cybersecurity posture since they cannot recognize the associated threats.
- Involvement in malicious acts. Malicious insiders have greater possibilities to cause havoc when they are not under the eye of security teams. Working remotely makes participation in insider trading and data distribution to bad actors easier. A report from Bravura Security, which highlights that cyber-criminals have approached 65% of workers to assist in ransomware cyberattacks, shows the magnitude of the underlying risk.
Protect Your Employees
Remote work poses one of the biggest security challenges. Working from home is about handling systems and sensitive information outside the security control of the organization in a cluttered environment. Additionally, keeping people in isolation in their homes has increased depression, making people less disciplined and more reluctant to follow frameworks and security rules.
Empathy is crucial when dealing with threats from remote workers, as the shift to remote working has brought personal dilemmas over how to balance personal and professional obligations at the same time. It would be devastating to blame remote workers for cybersecurity negligence. Businesses must recognize the insider threat and work closely with cybersecurity experts to protect their assets.
An insider security program should include proper training on safety and threat assessment, a disciplinary threat management team, and an appropriate security policy incorporating a zero trust approach (ZTA), privileged access management (PAM), endpoint detection and response (EDR), multi-factor authentication (MFA) and continuous endpoint authentication (CEA) to keep insider threats at bay.