The Dawn of Insider Risk – Are You Prepared?

We’re going to have to fire her.

That’s what I thought one afternoon when I received an unexpected call from our security team.

A new sales hire had just downloaded several documents from her previous employer onto the company-issued laptop we’d given her.

This looked like the textbook definition of insider theft by infiltration. An employee who brings proprietary data from another company creates real risk for us. We could be sued for her actions and be liable for millions of dollars in damages. Luckily, there was more to the story and the drastic measures proved to be unnecessary.

A quick conversation with the new employee helped us discover that she connected her iPhone to her new computer.  Which, in turn, signed her into her iCloud account.  Which, in turn, started syncing files from her old job onto her new device—without her knowledge. Once we were sure the infiltration was unintentional, we quickly removed the documents from the device and helped her reset the systems to prevent the auto-syncing feature. We notified her previous employer about what happened and worked with her on a few security awareness training exercises.

No harm, no foul. It was a matter of education and awareness, with no malicious intent. This time.

But how many companies would have been able to do that—see the data infiltration at the moment it happened and quickly respond in an open way that was in line with unintentional data movement? Unfortunately, too few.  More than half of organizations don’t have an insider risk response plan in place, and 91% don’t have technology designed specifically to address insider risk. This challenge has been exacerbated by this summer’s Great Resignation, with masses of Americans starting new jobs. In fact, 63% of employees admit taking data from one employer to the next. 

Insider risk isn’t new – but fundamental changes in the way we work today have dramatically increased the risks created by employees and contractors. First of all, CIOs have deployed new technologies like Slack, Teams, Box and OneDrive that make it easy to collaborate. Those same technologies also make it easy for insiders to exfiltrate data to untrusted locations. At the same time, employees are no longer working in the office on corporate networks. And 37% of workers admit that they use non-sanctioned applications, like Gmail and Dropbox, every day to share data. Today’s work environment is the perfect storm for creating insider risk.

Even though this is not a new challenge, the approach needed to tackle it is completely new. The way to mitigate the ongoing challenge of insider threats and insider risks is through an insider risk management (IRM) program. An effective IRM program essentially wraps a layer of security around collaborative work and data, while also raising awareness and educating employees on how to handle source code, product plans, customer pricing and personnel information.

If your organization follows the “three Ts” of an insider risk management program, you will be one step closer to better protecting your organization:

  • Transparency: As part of your data security-aware culture, tell your employees that you’re monitoring data movement to protect your organization and them. Share public examples of how risk has been created in the past—and how it can be avoided—so employees are educated from day one and on an ongoing basis. 
  • Training: If your employees don’t know the rules about who owns data and intellectual property (IP) (the company or the employee), then they will make mistakes. Start with proactive, computer-based training to educate your employees. It is also critical to make training applicable to each role so employees understand the associated risks. This proactive approach goes a long way and is better than reactive training after the risk has happened.
  • Technology: Purpose-built technology is required to protect employees and your organization. Age-old DLP tools and technology were not made to keep pace with today’s modern, remote workforce. Having the right cloud-based technology in place today will help automate security alerts and prioritize insider risk concerns. 

It takes the average company almost four months to identify a data breach. By the time anyone notices data is missing, that data has been out in the wild being accessed, analyzed and put to use by an unknown number of unauthorized people for nearly an entire quarter. That’s too long.

The purpose of an IRM program is to allow collaboration and innovation to continue among our teams. By implementing an IRM program, security teams have the visibility they need to monitor data movement and establish a risk classification system to alert teams of high-risk individuals, such as departing employees. In order to continue allowing collaboration among your employees, IRM tech also needs to be API-driven to ensure the different tools (Slack, OneDrive, Gmail and more) are all working in tandem so that employees can get their jobs done safely.

Few businesses understand the magnitude of insider risk, but the awareness and urgency are growing. With all this in mind, as we wrap up Cybersecurity Awareness Month, take a few moments to educate your team on the different faces of insider risk and best practices around data ownership and risk management. Doing so will go a long way toward preventing a massive security headache in the future and will also create a greater security-aware culture throughout your organization. That’s more than half the battle.

Joe Payne

Joe Payne is the president and CEO of Code42 Software, a leading data security company that focuses on reducing the risk of data leakage from insider threats. Joe is a seasoned executive with more than 20 years of leadership experience and a proven track record leading high growth security and technology companies.