Combating insider threats in the age of remote work

Employees forced to work remotely during the COVID-19 pandemic altered their online habits, and to minimize hacking risk they needed cybersecurity tools to keep up. As a result, most IT departments now support cloud and hybrid environments.

But security administrators also face a danger they may not have previously anticipated: attacks from insiders. Disgruntled employees are taking advantage of the fact that many enterprises do not offer secure access to offsite networks and systems. They are also exploiting their fellow remote workers, who might not recognize phishing exploits and can unintentionally cause harm or damage.

In either case, these attacks are both dangerous and expensive to mitigate: according to Ponemon Institute, an insider threat's average global cost is $11.5 million. Luckily, industry leaders can overcome these issues with the right game plan. By knowing what to look for and training the workforce properly, the enterprise will better combat insider threats.

The Call Is Coming from Inside the House
Even before the pandemic, dissatisfied employees driven by personal agendas worked to infiltrate companies. When coronavirus upended daily life, that mission got easier. Cybercriminals who normally targeted well-defended corporate environments now preyed on home offices, which often lack strong protections or in-depth defense strategies. This expanded attack surface is an all-you-can-eat buffet for a hacker with an ax to grind.

In a distributed, remote, and highly connected world, insider threats can be just as harmful to employers as traditional bad actors. Dynamic opportunists are upskilling and taking advantage of the increased demands of remote work to exploit users’ emotions and pry out the information needed to carry out attack exploits.

One current scam is impersonating a public health expert or government agency and directing users to phishing sites about the pandemic. Internal bad actors register domains using words like “COVID,” “coronavirus,” “N95,” or “masks.” They also employ these terms in email subject lines or file names to garner clicks. All it takes is one unsuspecting user opening the message, and the whole system comes crashing down.

These threats are not going away anytime soon, and enterprises that fail to adapt to this changing reality face increased exposure to damaging cyber incidents. Organizations need total network visibility into attack surfaces and vectors through a robust security and technology stack. They should also teach their workforces proper prevention techniques to detect and defend against these dangers.

The Smart Solution

The insider threat phenomenon requires new ways of prioritizing and minimizing cyber-risk. Tech teams need a business continuity plan that spells out how to address intentional or unintentional asset misuse. They can then realign their systems and processes to address dangers and gain visibility into attacks.

But these issues affect more than just the IT department. Few untrained users know how to spot scams, secure laptops, or handle sensitive data in a remote work environment. Because of this, enterprises must turn their attention to the human element of insider threats and build mandatory cybersecurity training into the company culture.

Managers need to adopt educational strategies that maximize engagement, like sending fake phishing emails and showing users how to spot threats or report suspicious activity. Every enterprise should also have a clear acceptable-use policy to set out storage and access procedures.

But this is not a one-and-done solution: tech teams must update training regularly and encourage personnel to ask questions. A consistent, clear message helps reduce the chance of accidental insider threats since the best offense is a good defense. This process requires expanding the scope of cyber-protections to accommodate the new remote workforce. The security protocol needs to be a continuum that offers better mitigation and contingencies, because the weakest link in the security chain is the human factor.

Another smart strategy is to update lax BYOD (Bring Your Own Device) strategies. These policies are admittedly necessary for the current remote work environment. Still, some companies go one step further and allow employees to view sensitive data on personal devices without corporate security controls. That means insider threats are harder to catch.

But IT administrators with access to employee-managed equipment will know how users interact with information and spot problems earlier. Through this robust security and technology stack, enterprises can enable business continuity and detect internal attack vectors before it is too late.

For each of these approaches, packet data is the single source of truth. Network security teams should analyze packet data to get a view into the performance characteristics of infrastructure, and applications components and dependencies. Performing this ongoing analysis will help them find the needle in the haystack to protect their company from insider threats.

Many enterprises are now in flux, balancing the pandemic's effects with an increased danger of insider threats. These problems may seem impossible to solve, but all parties can work together to improve operational efficiency. Businesses that provide employees with the right tools, strategies, and training, while also analyzing their networks in real-time, will minimize the risks and impacts of insider threats.

Mark Doering is Director of Technical Marketing at NetScout. Mark has over 35 years of experience leading technical engineering teams, integration technologies, security product research and development, as well as consulting for security and wireless architectures. Previous to Netscout, Mark worked for VSS Monitoring as a Security Architect. Prior to that Mark worked at Cisco with the Security Technology Group (STG), driving the Borderless Network Security and Wireless Security products as well as the Consulting Security Services at Cisco Systems for over 16 years. Mark has achieved his GIAC - Certified Incident Handler Certification, and the ISC² - Certified Information Systems Security Professional Certification (CISSP). During his tenure with Cisco he helped define best practices like the Cisco SAFE Security Blueprint as well as the development of the Cisco Certified Security CCIE.

ON DEMAND: In this webinar, Regina Lester, Vice President of Security & Safety Operations at Toledo Zoo, will share her insights on implementing security technologies in the entertainment sector and the challenges all organizations face — large and small — when it comes to balancing budget and security.

Combating insider threats in the age of remote work

Get our new eMagazine delivered to your inbox every month.

Stay in the know on the latest enterprise risk and security industry trends.

Combating insider threats in the age of remote work

Share This Story

Related Articles

Get our new eMagazine delivered to your inbox every month.

Stay in the know on the latest enterprise risk and security industry trends.