2020: The Good and the (Insider) Risky

Well, it’s officially December, somehow, and that means an obligatory holiday/year-in-retrospect post.

For knowledge workers this year, one phenomenon looms large in the rearview mirror. We went from venturing out into offices, coffee shops, bars, restaurants, airports, concerts, etc., to confining our lives within the walls that we call home. In a lot of ways, kitchen tables became offices, we curated walls for Zoom backgrounds, and aspiring home bakers learned that sourdough bread is, in fact, best left to the professionals.

While it may sound like a joke, I’ve come to think of this shift as a migration to “The Great Indoors.”[1] And with that shift came a lot of good, some bad, and – importantly – a lot of risky.

For many of us, there is a lot to love about WFH. One teammate shared how grateful she was for the extra time spent with her son, which she attributed to simply being physically present during the day. Another talked about all the outdoor activities they were picking up and planned to continue through the long Minnesota winter – local activities they may not have considered given other options. Many teammates have shared how much the additional flexibility of not having a physical commute and being able to shift working hours meant to them. Time to think. Time to focus on themselves, their families. That was the good stuff – and a reminder that time really is our most valuable currency.

Then came the risky. 

If you take nothing else away from this list, here’s the thesis: Every employee creates insider risk. It’s part of doing their job. That’s not inherently bad, but it is something organizations and security leaders need to pay attention to and measure. So, without further ado, here is my non-exhaustive list of risky business[2] realities that have arisen this year:

Snow Globe of Insider Risk

1. Insurgents

I don’t think I need to dig too deeply on this one. We no longer just have to deal with our adult colleagues in our office space. Whether the chaos from these lovable fur-covered or human coworkers arises from needing to print a personal file from a corporate device, logging in to a virtual classroom, accidentally knocking something onto the keyboard, being distracted when performing a delicate task, or something else entirely, it’s real and it’s here to stay. Unfortunately, it’s difficult to prevent insurgency when… well, the insurgents are so damn cuddly.

2. Power Outages

Power to residential buildings (especially those in rural or suburban areas) is often much less fault-tolerant than to offices in urban environments. While mitigation is possible using secondary internet access through cell devices, UPS, and simple laptop batteries, power loss can result in lost productivity, data corruption, and more.

3. Network Stability

Whether from lack of service providers in the area, outages, data caps, or just plain old shoddy equipment, it’s now necessary for every remote user to be the commander of their own network ship. To some of us this is a boon… to others… more SYN with too little ACK.

4. Network Hardware

This is related to the previous one but… networks can no longer be assumed to be secure in the same ways as they once were. Even if users are leveraging VPN (spoiler alert, most don’t) the physical infrastructure being used can now be compromised in ways outside the visibility or purview of most corporate security teams. More info on how to combat this here.

5. VPN Sucks

People don’t want to use VPN. This leads to lost productivity in the form of simple things like not using assets which are behind the firewall and also opens the organization up to risk from users accidentally or maliciously using unsupported tools to get the job done.

6. Lack of oversight

I can say with certainty that being at home has made it a lot more difficult to stay motivated this year. Part of that is down to the simple fact that I (and all of us) have become a Schrödinger’s Worker. We both are and are not working depending on whether we are observed. The lack of physical proximity to management is welcome to some workflows while in others it introduces complexity and risk.

7. Messenger-bloat

Slack, Zoom, Skype, Teams, FB Messenger, Discord, Hangouts, iMessage, Signal… need I go on?

The proliferation of messaging services has made it all too easy to accidentally upload the wrong screenshot to a service you didn’t intend.

8. Convergence

Work/Life balance has become work/life convergence. We have welcomed our colleagues into our homes and lives repeatedly this year so why not the opposite? Additional services and apps getting installed on corporate machines is the cost of doing business from home. Putting myself on blast again, using the same display for my work machine and then switching (via KVM) to my home desktop has confused me on many an occasion.

9. Burnout

Disconnecting is hard. Doomscrolling is real. People are more tired than ever before and rates of depression and anxiety are on the rise. This leads not only to people being pissed off and having short fuses but just plain old accidental human error.

10. Burnout

Wait… did…I do this one already?

10.1. Bad Actors Still Bad

It turns out that external actors looking to influence those inside your organization to do things they shouldn’t weren’t deterred by the pandemic, and the data suggests they’re doubling down. If you don’t believe me… well, here are some data points.[3]

The Great Indoors

Ok, congratulations, you made it through that gauntlet! After all of that, this is the point in time where I need to “bring it home”. So, if you’re still with me at this point, you’ve won a concluding thought:

The world has changed. Realistically, the movement of knowledge workers to “The Great Indoors” started prior to 2020, but it’s now no longer deniable and many analysts are predicting that it will be irreversible. Any change introduces new risk, and the vast majority of solutions that are in place to mitigate existing risks aren’t built for this world that we all now inhabit. If you want to learn more about how we think you can solve some of the headaches caused by these risks, check out Incydr.

Otherwise, you’ve made it this far and deserve a treat so, in keeping with the movement to “The Great Indoors” we wanted to check in with Code42 employees and see how everyone’s coping with the holidays around here. Enjoy:

Happy Holidays y’all! May your days be risky and bright.

1: No one else trademark this, I plan to make millions off of this idea. I’m looking at you, competitors. Yes, I see you. MY ALL-SEEING TRACKING PIXEL IS LEGION!!!!!!
2: <tom_cruise_sock_slide.gif> NOT THAT KIND OF RISKY BUSINESS!
3: Ok, you got me that last one wasn’t from 2020 but… I like it. So, there!


The post 2020: The Good and the (Insider) Risky appeared first on Code42.

*** This is a Security Bloggers Network syndicated blog from Code42 authored by Riley Bruce. Read the original post at: