What is an Insider Threat?
The term ‘insider threat’ primarily refers to security risks that originate within a company or organization. This can include anyone with access to privileged information, sensitive data, and/or private networks – whether or not they have malicious intent.
Current and former employees, contractors, suppliers, board members, and even family members of remote workers can pose insider threats. According to the Ponemon Institute, negligent or non-malicious insider activity accounts for 56% of all insider threats and costs $485,000 to remediate. Equally dangerous to a company are disgruntled employees; a quarter of all insider incidents were carried out by disgruntled employees. On average, these incidents cost $150,000 to remediate.
How Does Remote Work Increase the Risk of Insider Threats?
It’s clear that Covid-19 has altered the global work landscape, possibly forever. During the peak of the pandemic, over 70% of employees were working remotely. Gartner reported that almost half of all companies planned on making remote work a permanent part of their work culture, even after the pandemic. While this may come as good news for employees, it’s a nightmare for cybersecurity and IT professionals. Telecommuting and remote work pose massive security challenges to these organizations, as people are the most vulnerable piece of the security landscape.
People-based insider threats have long been a major risk, even in the pre-pandemic days. But back then, organizations and security teams had much more control over their employees within the secure office environment. Access could be easily controlled, suspicious behavior flagged, all activities tracked, and security incidents identified and contained much more efficiently. But amid the burgeoning WFH culture, maintaining the same level of cybersecurity preparedness has become harder. According to a survey by OpenVPN, 73% of vice-presidents and C-Suite IT executives believe remote workers pose a greater risk than on-site employees.
Those working from home but not following proper security protocols and cyber hygiene form the single biggest threat to organizations in a remote work world. To understand why, let’s examine several ways remote work can increase cybersecurity risks:
Use of Unsecured Personal Devices and Tools
A work from home study by IBM and Morning Consult found 53% of remote employees use personal devices and unverified tools to do their jobs. This happens when employees are working remotely and have little to no supervision. Add to this the fact that many workers use unsecured public Wi-Fi networks, and the possibilities for hackers grow exponentially.
Increased Susceptibility to Attack
In-house employees are protected by the company firewall, DLP, and SIEM, but similar safeguards are not available to remote workers. Securing personal devices outside of the company premises is much harder than it sounds. The aforementioned IBM study stated 61% of remote workers using personal devices were not provided with tools to secure their network.
Poor Cyber Hygiene Practices
The same study brought out many other startling facts: 45% of remote workers were not given proper cybersecurity training; 35% were not following basic cyber hygiene practices such as not using the same passwords for different accounts. Without proper training, remote employees pose a greater risk to the cybersecurity of a firm.
Improper Data Management
Since the initial transition to remote work in early 2020 was unexpected and rapid, many companies failed to set up data-sharing protocols for their employees. These employees are likely to commit mistakes, such as downloading data onto their personal devices or leaving their external data storage devices unsecured. Storing corporate data on personal devices is problematic for three main reasons:
- Locally stored data is easy to hack
- The company has no way to control access to this data
- This may violate many compliance terms, opening up the company to regulatory peril
More Opportunities to Abuse Sensitive Data
Outside of the watchful eye of the security and IT teams, malicious insiders have more opportunities to create trouble. They can steal data, share it with hacker groups, engage in espionage, or practice insider trading. Another new threat that has emerged in the last two years is outside attackers offering insiders money to help breach the company network. A report from Hitachi ID showed that 65% of surveyed companies had witnessed such an event. As remote work exploded in scale, the report found a 17% rise in the number of employees being approached in this manner.
How Does Zero Trust Help Reduce the Risk of Insider Threats?
The zero trust model is a modern approach to cybersecurity in which full network access is not granted under any circumstances. Instead, access to systems and applications is based on identity and controlled via strong authentication. Multi-factor authentication (MFA) is employed to prevent unauthorized entry and has the added benefit of helping to enable compliance with all leading industry security standards. Beyond the initial verification through MFA, the zero trust model relies on continuous authorization to ensure users and devices are who they say they are.
MFA usually is not supported by legacy CRMs and ERPs, but Cyolo’s unique zero trust architecture is built to overcome this hurdle. Cyolo’s solution allows companies to add an external MFA to all legacy systems, which vastly reduces the risk of insider threats. To learn more about how Cyolo can help implement zero trust in your organization, sign up for a demo today.