Insider threats don’t have to be malicious to be costly. Employee workarounds and policy violations create significant security risks.
Remote work has brought many benefits to both employees and employers, but it has also heightened security threats. Away from the watchful eye of the IT team, many employees are engaging in behaviors that put applications and data at risk.
A Trend Micro study released in July 2020 found that users frequently circumvent company security policy if it makes their jobs easier. For example, 56 percent say they use nonwork applications on a company device, although 64 percent acknowledge that this is a security risk. Thirty-nine percent say they often or always access company data from a personal device — almost certainly breaking company security policies.
Eighty-five percent claim to take instructions from their IT team seriously, yet 34 percent agree that they don’t give much thought to whether the apps they use are sanctioned by IT. Additionally, 29 percent think they can get away with using a nonwork application because the solutions their company provides are “nonsense.”
“In today’s interconnected world, unashamedly ignoring cybersecurity guidance is no longer a viable option for employees,” said Bharat Mistry, Principal Security Strategist, Trend Micro. “It’s encouraging to see that so many take the advice from their corporate IT team seriously. Having said that, there are individuals who are either blissfully ignorant or worse still who think cybersecurity is not applicable to them and will regularly flout the rules.”
The Cost of Insider Threats
User violations of security policies fall under the umbrella of “insider threats.” Many people think of an insider threat as an employee who purposely steals data or sabotages systems. However, a recent Ponemon Institute study found that 62 percent of such incidents did not involve malicious intent. They are more likely to involve “negligence” or “human error,” in which users unintentionally mishandle sensitive data or commit policy violations with “workarounds” that bypass IT processes.
That doesn’t mean they’re benign. Incidents involving negligence cost an average of $307,111, according to the Ponemon Institute’s 2020 Cost of Insider Threats Global Report. The average number of incidents involving negligence has increased from 13.2 per organization in 2018 to 14.5 per organization in 2020. That works out to an average annual cost of more than $4.5 million.
“Insider threats must be a leading concern for companies worldwide,” said Mike McKee, executive vice president and general manager of Insider Threat Management for Proofpoint, a cosponsor of the Ponemon study. “Organizational insiders, including employees, contractors, and third-party vendors, are an attractive attack vector for cybercriminals due to their far-reaching access to critical systems, data and infrastructure.”
The Harvard Business Review has estimated that at least 80 million insider attacks occur in the U.S. each year, although that number may be quite low because such events often go unreported. The increasing use of employee-owned devices in the workplace is creating more risk. However, many organizations admit that they still don’t have adequate safeguards to detect or prevent attacks involving insiders.
How to Combat Insider Threats
To address the threat, organizations should establish appropriate-use guidelines for their technology assets. These policies should be precise, easy to understand, and frequently reinforced with employee education programs.
Organizations should also ensure that their security infrastructure isn’t entirely focused on outside threats. Firewalls, intrusion prevention and anti-malware solutions are essential but don’t address threats from inside the network.
Access control solutions improve visibility and control of network activities. They perform authentication and authorization functions and can restrict access to key resources based on role- or identity-based policies. Access control solutions can also identify patterns of behavior by users or groups that might signify misuse, unauthorized intrusions or malicious attacks.
Data loss prevention (DLP) solutions examine outbound network communications such as email and file transfers, as well as host-based activities such as copying files to removable media. DLP scans will generate alerts if any of these activities violate company policies.
Content-filtering solutions can filter web-based applications, identify malware signatures, and examine instant messaging and email to protect against data leakage. They can also enforce access policies on remote and mobile devices that are used outside the network.
There is a tendency to think of security breaches as sophisticated attacks by external hackers. However, data loss is often the result of user error or security policy violations. With many employees working outside the office, organizations need security tools that protect against insider threats.