The insider threat is not a new risk for security teams, but with ransomware, phishing and myriad other “flashy” external threats targeting organizations, it has been relegated to the back burner at many of them. In the wake of COVID-19 and the newly remote workforce, however, there has never been a greater need for organizations to better balance their efforts to defend against both external and internal threats.
Four Factors Escalating Insider Risk
According to the Ponemon Institute’s “2020 Cost of Insider Threats Global Report,” insider threat incidents increased by 47% over the past two years. The pandemic and subsequent work-from-home transition have contributed to the growing rate of insider threats in 2020 – and will continue to be a factor this year, as organizations prolong their remote work programs for the foreseeable future.
There are several reasons – four of them, actually – why the global pandemic has had such an impact on insider threats:
- The technical factor: With work-from-home, there is limited (if any) separation between employees’ personal and professional lives. Home networks are used for online schooling, gaming, IoT, shopping and so much more, polluting the work environment. Additionally, home networks do not have nearly the same level of security and IT support that corporate networks do, leaving organizations to battle exploding attack surfaces running on insecure networks.
- The economic factor: The uncertainty of the labor market, social unrest, quarantine mandates and working in an unfamiliar fashion are all issues weighing on employees’ minds, creating distractions and raising stress levels – all factors that can lead to mistakes or bad decisions.
- The psychological factor: For many people, working from home weakens the sense of community they feel with coworkers, making it easier for them to commit malicious acts against their employer. Additionally, copying data to a USB drive, printing to your home printer or browsing unsafe sites are much easier to do in the privacy of your home than in an open cubicle environment in the office.
- The personal factor: The most effective insider threat programs rely on employees reporting suspicious behavior. But how can they observe suspicious behavior if everyone is isolated at home?
Three Tips to Battle Insider Threats Remotely
This last consideration is an important one. If the move to remote work has taken away organizations’ primary defense against insider threats, how can they protect themselves against the rising number of incidents? The answer lies in adopting a holistic insider threat strategy, while maintaining a commitment to building a culture where people feel connected to the company mission and confident reporting suspicious activity.
Here are three best practices to help you get started:
1. Customize Awareness and Training
Awareness programs and training initiatives are two of the most effective ways to defend against insider threats – especially when tailored to different roles within the organization. For example, an executive may consider policies and procedures differently than an analyst, who learns differently than an engineer. On top of that, each role likely has varying levels of access to sensitive data and locations. Customizing awareness and training for each type of role in your organization can have a very powerful and positive impact on your holistic insider threat program. Utilize multiple delivery options, like short video clips, and repeat the messages over and over to reinforce good cyber hygiene practices.
2. Prioritize Anomaly Detection with User and Entity Behavior Analytics
User and Entity Behavior Analytics (UEBA) can help companies proactively identify insider risk before it becomes an actual threat. UEBA technology helps model the typical actions of individual users and machines to identify anomalous activities for further analysis and response. Without doing this important legwork up front to set proper baselines and understand employees’ usual activity, it can be hard to distinguish an insider threat from another problem (such as an outage that wasn’t properly monitored).
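The baselining step described above, as an added example that is not from the original article or from any UEBA product: each user's daily volume copied to removable media is compared against that user's own median and median absolute deviation, and users without enough history are reported as unscored rather than guessed at. The user names, sample volumes, `MIN_HISTORY` and `THRESHOLD` are all assumptions made for illustration.

```python
from statistics import median

MIN_HISTORY = 5   # assumption: days of history required before scoring a user
THRESHOLD = 3.5   # assumption: commonly used cutoff for the modified z-score

# Constructed sample data (not real telemetry): MB copied to removable media per day.
HISTORY = [
    ("alice", [12, 9, 15, 11, 10, 14, 13]),
    ("bob",   [0, 0, 0, 0, 0, 0, 0]),
    ("carol", [40, 55]),
]
TODAY = {"alice": 16, "bob": 900, "carol": 5000, "dave": 3}


def build_baselines(history):
    """Per-user baseline: median and median absolute deviation (MAD)."""
    baselines = {}
    for user, values in history:
        if len(values) < MIN_HISTORY:
            continue  # too little data to say what is "typical" for this user
        med = median(values)
        mad = median(abs(v - med) for v in values)
        baselines[user] = (med, mad)
    return baselines


def score(baselines, user, value):
    """Return (verdict, modified z-score) for one user's value today."""
    if user not in baselines:
        return ("no_baseline", None)
    med, mad = baselines[user]
    # A perfectly flat history gives MAD == 0; use a floor so the score stays finite.
    scale = mad if mad > 0 else max(1.0, 0.1 * med)
    z = 0.6745 * (value - med) / scale
    # Only upward deviations are flagged: the concern here is unusually large copies.
    return ("anomalous" if z > THRESHOLD else "normal", round(z, 2))


def triage(history, today):
    """Score every user seen today against their own baseline."""
    baselines = build_baselines(history)
    return {user: score(baselines, user, value) for user, value in today.items()}


if __name__ == "__main__":
    for user, (verdict, z) in triage(HISTORY, TODAY).items():
        print(f"{user:6} {verdict:12} {z}")
```

The `no_baseline` verdict is the case the paragraph warns about: without prior history, a large transfer cannot be told apart from normal activity and needs a different review path.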
3. Show Employees You Care
Above all, it’s important to remember that we’re all human. Employees may just need support, encouragement, or a friendly listener. Having supervisors and managers check in with their direct reports on a weekly basis can be helpful for struggling employees and will demonstrate your commitment to their wellbeing. Respecting your staff’s personal lives and making sure they maintain a work/life balance are also impactful ways to show employee support.
Employees As The Solution
While employees are often behind “insider threats,” they are also your first line of defense against these attacks. The more you make employees aware of their role in security, the more responsibility they’ll take on in the fight against insider risk – regardless of whether they’re working from home or in the office. Only then will there be a chance that, this year, the percentage of insider threat incidents will decline.
This article originally ran in Today’s Cybersecurity Leader, a monthly cybersecurity-focused eNewsletter for security end users, brought to you by Security Magazine.