Remote Working – Does it increase your insider threat?
Many companies learned a valuable lesson from the COVID-19 pandemic – flexibility is key! Those companies that already had a form of at home working were quick to shift and take full advantage of the capacity the work force had to remain productive. Conversely, businesses that had previously discouraged working remotely discovered that their rigidity was detrimental and prevented them from adapting quickly to the new circumstances. Because of this, many organizations learned a tough lesson last year: Companies that already had remote or hybrid schedules were prepared to rapidly deploy to an all-remote operation, and they profited handsomely from that flexibility. Offering remote and hybrid work options is also a popular perk for employees who discovered that eliminating commutes allowed them to be more productive and less stressed. Gartner Reports that 82% of industry leaders now plan to make the hybrid system full-time with 47% of those companies stating employees can work from home full time!
Whilst flexible schedules and locations are sought after, they also bring forward the added threat of malicious insider actions to the organization. Verizon Data Breach Investigations Report 2021 – (DBIR) – shows the risk rose 40% in 2020! Tripling in the last three years. The majority of these were accidental mistakes – human error, mix human error with data and that is the top cause of a data breach! The top threats in this area are the usual suspects – all-time reigning champion mis-delivery (like sending someone the wrong data), followed by that old favourite misconfiguration (making errors when setting up a database). Less common blunders like publishing errors, programming mistakes and loss of devices containing secure data or credentials almost three-quarters of breaches caused by insider actions were the result of these common, simple errors. Unfortunately, that still leaves 25% of data breaches that aren’t so easily explainable.
Malicious Insider Actions account for 25% of confirmed breaches. These are heart breaking as it’s someone you trusted and with remote access to systems and data, it is all the easier to do. IBM surveyed their remote work force and they all agreed that a remote work force poses a greater security threat than onsite employees.
What drives people to perform malicious actions against their employer? The DBIR report breaks down the incidents and reasons and the top motivation remains the most obvious – financial gain. An estimated 70% of malicious insider breaches were financially motivated, mainly through employees selling credentials or access to systems and data within the dark web! In these economically challenging times this threat needs to be at the forefront of the minds of those working on defensive strategies to combat this risk. Other areas of insider threat were espionage (25%) and angry disgruntled employees (4%) – from selling of company intellectual property (like formulas and sensitive data) to the acts that just damage the company.
The Dark Web economy is booming and with the current financial crisis, everyone is looking for a little more income, selling credentials or data may be even more tempting for cash strapped staff, especially if they’re not located within the office environment. The safeguards of the office environment are missing while working in isolation and remote workers have extensive opportunities to take and perform malicious actions without being detected as quickly. The DBI report makes it very clear that data breaches and other security incidents caused by malicious employees working remotely take longer to detect, are more difficult to contain and do more lasting damage than similar incidents caused while working within the office space.
No industry is safe from these threats and although the work force has now been found to prefer a hybrid work regime, the fact that the work force will be remote increases the threat your company will face! That is not to detract from the vast majority of positive attributes a remote work force offers, and the advantages of business retention are clear. So, the question is; what can you do to protect the company from this elevated risk platform?
Gain Immediate Protection by Preventing Credential & Privilege Misuse.
Privilege misuse is the top way malicious insiders gain and cause damage to the company. Utilizing tools like Multi Factor Authentication (2FA) are absolute must haves in these situations! In this scenario, an employee may sell or give their access to someone not authorized to access sensitive or critical data. With our software ‘Passly’ in place it will secure the employees identity and access management using multi factor ID. Yet less than 50% of companies use this to support the remote work force. Single sign-on launch pads for individual’s users enable your IT teams to quarantine user accounts and remove access permission quickly thus reducing time and containing the breach.
Monitor the place they do Malicious Business.
Malicious insiders always turn to the same place to make money – the Dark Web! They can contact eager buyers for passwords, access or data quickly through the dark web message boards, hacker sites and chat rooms. Having a watchful eye for your company credentials being bought, sold or exchanged on any of these outlets and being alerted to it, gives you the upper hand before they are used against you! HMH can monitor for all company credentials appearing on the Dark Web. Machine and then Human intelligence analyst constantly monitors for these breaches 24/7 365 days a year, with eyes in the worst places to make sure your IT team is alerted immediately, giving your business the edge over these criminal actors.
We offer Bespoke packages to suit and secure your company against all threats across the spectrum of cybercrime. Schedule a demo and our experts will be happy to help guide you through to making the right choices.
