Insider Risk: Employees Are Your Biggest Cyber Threat (And They Might Not Even Know It)

Couldn't attend Transform 2022? Check out all the summit sessions in our on-demand library now! Look here.

Today's workforce is data-dependent and widely distributed. The use of cloud collaboration technology is sprawling. Data is highly portable, users are often remote and off-network, and file-sharing technology is widespread. It's no wonder, then, that insider risk is more of a concern than ever.

"Insider risk is one of the fastest growing threats facing organizations today," said Michelle Killian, senior director of information security at Code42, a provider software as a service (SaaS) specializing in insider risk. management.

Insider threats are often not malicious – in fact, most of the time they are unintentional and simply the result of human nature – but even so, as Killian pointed out, "insiders can expose, leak or steal data at any time."
What is insider risk?
In simple terms, an insider is anyone with access to an organization's data or systems: employees, contractors, partners, vendors.

Insider risk arises when sensitive corporate data (IP, digital assets, customer lists, trade secrets, and other corporate "crown jewels") is moved to untrusted locations, such as as personal devices, email or cloud destinations.

"This data transfer poses significant competitive, financial, privacy and compliance risks," Killian said.

According to Joseph Blankenship, vice president and research director for security and risk at Forrester, insider risk is typically composed of:
"Accidental" Actors: Insiders who cause damage through negligence, error, or non-malicious circumvention of security policies. A 2021 Forrester survey indicated that 33% of data breaches attributed to insiders were accidental or unintentional, according to Blankenship. Compromised Accounts: External actors who gain access to legitimate user accounts and credentials and use them to steal data or damage systems. Malicious Insiders: Those who intentionally steal data, commit fraud, or sabotage assets. "These are the people we normally think of when we hear the term 'insider threat,'" Blankenship said. He pointed to a 2021 Forrester survey that found 35% of data breaches attributed to insiders were due to malicious intent or abuse.
Blankenship has also noted cases where ransomware mules introduce malware-like ransomware into corporate systems to circumvent external controls. Another trend is the recruitment of insiders by outside actors. This can be the result of voluntary participation or the result of social engineering, bribery or blackmail.

At the end of the day, "insiders have knowledge of systems and data that outsiders don't," Blankenship said. "They may also be aware of security measures that organizations have in place to secure data or monitor activity, and may attempt to circumvent them."

Additionally, and perhaps most detrimentally, they are trusted. “We need to trust users to some degree so that they can do their job without creating too much friction for them,” he stressed. However, "insider threats occur when that trust is abused".
Safety blind spots
Data rights and ownership can be murky waters. Companies are sometimes unclear about — or at least not enforcing — data policies. So when an employee quits or otherwise leaves, they often take files with them, Killian said.

According to a study by Code42, around two-thirds of employees who have brought data to a new company have done so before: 60% admitted to taking data from their last job to help them in their current roles. Additionally, 71% of organizations said they were unaware of the amount of sensitive data taken by departing employees.

Workarounds for employees are another "difficult blind spot in data security."

Repeatedly having to enter credentials can be repetitive, and security checks are often seen as inconvenient or even a hindrance to productivity, Killian said. As a workaround, employees sometimes save files to a personal cloud drive or send them to personal email accounts, leaving the files open to compromise.

"More...

Startups Aug 2, 2022 0 75 Add to Reading List

Insider Risk: Employees Are Your Biggest Cyber Threat (And They Might Not Even Know It)

Couldn't attend Transform 2022? Check out all the summit sessions in our on-demand library now! Look here.

Today's workforce is data-dependent and widely distributed. The use of cloud collaboration technology is sprawling. Data is highly portable, users are often remote and off-network, and file-sharing technology is widespread. It's no wonder, then, that insider risk is more of a concern than ever.

"Insider risk is one of the fastest growing threats facing organizations today," said Michelle Killian, senior director of information security at Code42, a provider software as a service (SaaS) specializing in insider risk. management.

Insider threats are often not malicious – in fact, most of the time they are unintentional and simply the result of human nature – but even so, as Killian pointed out, "insiders can expose, leak or steal data at any time."

What is insider risk?

In simple terms, an insider is anyone with access to an organization's data or systems: employees, contractors, partners, vendors.

Insider risk arises when sensitive corporate data (IP, digital assets, customer lists, trade secrets, and other corporate "crown jewels") is moved to untrusted locations, such as as personal devices, email or cloud destinations.

"This data transfer poses significant competitive, financial, privacy and compliance risks," Killian said.

According to Joseph Blankenship, vice president and research director for security and risk at Forrester, insider risk is typically composed of:

"Accidental" Actors: Insiders who cause damage through negligence, error, or non-malicious circumvention of security policies. A 2021 Forrester survey indicated that 33% of data breaches attributed to insiders were accidental or unintentional, according to Blankenship. Compromised Accounts: External actors who gain access to legitimate user accounts and credentials and use them to steal data or damage systems. Malicious Insiders: Those who intentionally steal data, commit fraud, or sabotage assets. "These are the people we normally think of when we hear the term 'insider threat,'" Blankenship said. He pointed to a 2021 Forrester survey that found 35% of data breaches attributed to insiders were due to malicious intent or abuse.

Blankenship has also noted cases where ransomware mules introduce malware-like ransomware into corporate systems to circumvent external controls. Another trend is the recruitment of insiders by outside actors. This can be the result of voluntary participation or the result of social engineering, bribery or blackmail.

At the end of the day, "insiders have knowledge of systems and data that outsiders don't," Blankenship said. "They may also be aware of security measures that organizations have in place to secure data or monitor activity, and may attempt to circumvent them."

Additionally, and perhaps most detrimentally, they are trusted. “We need to trust users to some degree so that they can do their job without creating too much friction for them,” he stressed. However, "insider threats occur when that trust is abused".

Safety blind spots

Data rights and ownership can be murky waters. Companies are sometimes unclear about — or at least not enforcing — data policies. So when an employee quits or otherwise leaves, they often take files with them, Killian said.

According to a study by Code42, around two-thirds of employees who have brought data to a new company have done so before: 60% admitted to taking data from their last job to help them in their current roles. Additionally, 71% of organizations said they were unaware of the amount of sensitive data taken by departing employees.

Workarounds for employees are another "difficult blind spot in data security."

Repeatedly having to enter credentials can be repetitive, and security checks are often seen as inconvenient or even a hindrance to productivity, Killian said. As a workaround, employees sometimes save files to a personal cloud drive or send them to personal email accounts, leaving the files open to compromise.

"More...