Your people are your biggest asset, but also your biggest risk. Do you have the ability to detect, investigate, and prevent a costly insider threat incident, or know how to recognize one when it occurs?
The Insider Threat Level series is here to keep you up-to-speed on the numerous examples of insider threat incidents, trends, and best practices caught in the news, so you can be better prepared for anything coming your way.
If you missed the last Insider Threat Level, we covered: Unhealthy Data, Password Fatigue, Alexa, and more.
This week, we’re taking a look at: some of the worst insider threat-based attacks of 2018, why employees are willing to leave a company if a company lags in tech, teleworking issues, and more!
- The 6 Worst Insider Attacks of 2018 – So Far
Source: Dark Reading
We’re big on helping security teams detect and eliminate insider threats around the ObserveIT office. It’s what we do. However, insider threat-based attacks do happen, and this story by Dark Reading is a comprehensive list of the worst insider threat incidents in 2018 so far.
You’ll find names you know, and some you don’t, backing up the idea that an insider threat incident can happen to anyone. The names include: Tesla, Punjab National Bank, Facebook, Coca-Cola, Nuance, and SunTrust Bank.
Hot Take: Having visibility into what potential insider threats at an organization (employees, contractors) are up to is crucial to understanding what they are doing with your data. Two of the companies included in the list are financial institutions, which feature stringent compliance requirements. If they can’t keep their data internal to their organization with their current data loss prevention methods and tools, it’s time for a new approach.
- Employees Willing to Leave if Company Lags in Tech
Source: InfoSecurity Magazine
Often when employees talk about leaving their workplace, it has something to do with pay, benefits, or people. But this new U.K.-based study by Unisys Corporation, as covered by InfoSecurity Magazine, suggests that employees may be willing to leave a company if it is lagging behind in new technology adoption.
“More than one-third of those who work for technology laggards feel like outdated devices are limiting their productivity, with more than half frustrated and many with one eye on the door as a result,” said Mickey Davis, global VP of Managed Workplace Services at study producer, Unisys.
Hot Take: CISOs and IT pros, we’re willing to bet you’ve got a lot of opinions on this one.
On one hand, you want to provide the latest and greatest so that your people are happy. On the other hand, you don’t know how you can manage the adoption, maintenance, and training for this technology, let alone guarantee visibility into its security.
On the insider threat management front, there are some parallels to be drawn. Slow tech adoption has been known to cause some insiders to find workarounds that break organizational policy. Visibility into their activity can help alleviate the potential dangers of this, but obviously a proactive approach is preferable. (That means coaching insiders on best practices, rather than reacting.)
To sum it up: the longer you prevent or throttle an insider’s productivity with tech or cumbersome cybersecurity practices, the greater the risk of an insider threat incident. What will you do to find a balance between these needs?
- Insider Dangers Are Hiding in Collaboration Tools
Source: Dark Reading
Adoption of workplace collaboration tools (Slack, Office 365, etc.) is on the rise, but experts are urging caution, due to the associated increase in risk of an insider threat-related incident: “While these channels can help speed up group decision-making, they also serve as an enterprise blind spot for insider threats to do their worst – not to mention being open conduits for spreading negativity and toxic behaviors among the ranks.”
A study cited in the article also suggests that 1 out of every 118 public communications shares confidential information, with 1 out of every 262 communications relating to account passwords. In other words: some data leaks are happening through collaboration tools.
Hot Take: The threat of an insider threat incident exists with or without collaboration tools in the workplace. The real issue at hand is whether an organization has appropriate visibility into what potential insider threats are doing with proprietary data. After all, data doesn’t leak itself!
While it is smart to be aware that collaboration tools amplify the risk, the solution to insider threat management starts with being able to detect, investigate, and then – ultimately – prevent incidents as they happen. Like we mentioned with the “Tech Laggard” hot take, the more barriers you put up that threaten an insider’s productivity, the more workarounds they’ll find. You have to be able to find a balance between tech adoption and cybersecurity practices.
- (FEATURED POST) The Connection Between Insider Threats and Data Loss Prevention
Data loss prevention tools, or DLP, are famed for their ability to tag, categorize, and control data movement. However, in many cases where an organization has DLP in place, a data leak still happens. The simple rationale is that data doesn’t leak itself – people leak data!
But the connection between insider threat management and data loss prevention goes much deeper than that. In this post you’ll learn how DLP and insider threat management go hand-in-hand to truly give you the visibility you need into data movement.
- How Telework Fuels the Insider Threat
Source: Fifth Domain
“69% of corporate executives and 71% of small business owners attribute data breaches to employees through accidental error and data loss” and that “risk of a data breach increases when employees work outside of the office,” according to results from a recent study by Shred-it.
In other words, those surveyed are under the impression that insiders are more likely to behave riskily outside of the confines of the office, resulting in an insider threat-related incident.
Hot Take: Again, the risk of insider threat incidents is real. Tesla, SunTrust, Coca-Cola, and all of the companies mentioned in the news as of late are proof of that. However, suggesting that employees or contractors will behave more riskily outside of the office is a bit of a misnomer. It implies purposeful intent based on location, when in reality, the intent of an insider threat is not typically known. But it can be.
Organizations shouldn’t necessarily move to block remote work or telework based on a perceived increase in risk of an insider threat incident. Instead, they should work to do two things: 1.) obtain visibility into potential insider threat activity (including context and intent), and 2.) improve cybersecurity hygiene and training for insiders. It’s all about balance!
How do you feel about the Insider Threat Level?
Did you find this insider threat news recap particularly interesting? Want to see additional coverage? Let us know by tweeting @ObserveIT.