Security officers now require a more comprehensive insider threat solution

August 11, 2020

COVID-19 has initiated a whole new host of cybersecurity threats. Twitter was one of the latest victims, its employees allegedly being targeted so that hackers should take over the accounts of certain verified users. And just before that, a June 25 story in The New York Times detailed the way in which a foreign entity is attempting to infiltrate American business by taking advantage of remote employees whose organizations – more than 400 million worldwide – use virtual private networks (VPNs).

This should be a wake-up call – especially for cybersecurity officers. What were once considered sufficient safeguards to keep sensitive information secure, are now beginning to prove insufficient in this world of remote work.

Twitter’s situation, for example, shows the danger of having a risk management strategy too heavily focused on mitigating external threats. In addition to the external actors that have learned to penetrate this first line of defense, acts from internal actors can be just as dangerous to a business’ bottom line – even if that’s not their intent. Insider threats from negligent actors that mistakenly send sensitive information to the wrong email address, for example, reportedly make up 62 percent of such incidents.

A lesser percent of insider threats come from disgruntled and disengaged employees who may have experienced a negative disruption to their personal finances and/or who are under acute stress. This possibility isn’t completely lost on the majority of cybersecurity professionals, with 67 percent expressing in a WSJ Pro Research survey that they were concerned about malicious employees.

Still, it is not enough to be concerned. When major data breaches occur, cybersecurity professionals are held at least partially responsible – just look at what happened to the chief information security officer serving Capital One at the time of the company’s 2019 breach – and with an above-average amount of threats facing organizations because of COVID-19’s transition to remote work, it’s imperative that security officials make efforts to address threats arising from all sides.

In addition to strengthening firewalls and exploring VPN alternatives, security officers should focus significantly more attention on insider threat prevention. Under normal economic, social, political and public health conditions, employee stress frequently drives otherwise loyal employees to steal or even inflict physical violence due to personal life challenges like the loss of a loved one, unforeseen expenses, or because they’re being bullied or harassed. Those normal stressors are still occurring, but today, they’re occurring in conjunction with a pandemic, widespread unemployment, and in the midst of nationwide unrest.

The continuous monitoring of employee stress makes it possible for security officers to see how an employee is being impacted by these challenging circumstances. Customizable solutions allow security officers to search for activities of interest – finances, criminal history, etc. – in real-time, and do so compliantly when consent is built into the system.

Receiving real-time alerts, security officials can call the appropriate business personnel – usually Human Resources and occasionally Legal – into interventional action before an employee intentionally commits an act that puts the organization in jeopardy. This shifts the role of a security official from being one that retrospectively manages risk, looking for threats as they occur and swiftly shutting them down, to one that proactively manages and prevents risk from ever taking place.

This is the kind of innovative diligence that organizations need to safely navigate not only the new few months of remote work, but the future. Protections against external threat will remain important, as will training that keep employees from making negligent mistakes. However, what will make the greatest difference is a solution that lies somewhere in the middle – in the precious space in which a good-hearted employee is driven to transition into a malicious actor.

Tom Miller is CEO of ClearForce, an organization that protects businesses and employees through the continuous and automated discovery of employee misconduct or high-risk activities.

In this webinar, we review the rise of cloud access control and access control as a service, its advantages and disadvantages, and how to select the optimal cloud access control solution for your company.

Security leaders need to accept and act on this reality and take measured and thoughtful steps to mitigate the risk and train staff about the growing likelihood of such violent incidents in their facilities and workplaces.