Why enterprises need to prepare for more insider threats [Q&A]

Insider threats are a growing problem. In its 2021 predictions, Forrester believes that insider incidents will be the cause of 33 percent of data breaches in 2021, up from 25 percent in 2020.

But what does this mean in practical terms for businesses and how can they protect themselves? We spoke to Anurag Kahol, CTO of cloud security specialist Bitglass, to find out.

BN: What are the most common forms of insider threats?

AK: While it is commonly thought that insider threats only come from malicious outside actors or disgruntled employees looking to steal and sell an organization's data, the reality is that the more common form of insider threat comes from negligent employees. These individuals may not have ill intent, but they are by no means less dangerous. Let's say, for example, an employee is working from home and has started sidestepping required security procedures in order to store sensitive data on unsecured personal devices for convenience. This puts the company in an extremely risky position. Phishing has also seen a sharp rise amid the pandemic and clicking the wrong link can quickly cause issues for companies.

BN: Has the rapid digital transformation that took place amid the pandemic increased the risk of these types of incidents? If so, how?

AK: Yes. The IT ecosystem within most organizations has evolved tremendously over the last year to accommodate COVID-19-related adjustments. The rise in remote work resulted in more companies shifting operations to the cloud at an accelerated rate and permitting employees to use personal devices to access corporate IT resources. All of this has made safeguarding data from insider threats even more complicated and has demonstrated why reactive security tools and strategies built for the prior era can no longer keep pace with today's dynamic business landscape.

Now, as organizations begin to shift to a hybrid work environment, IT and security teams are tasked with protecting company data in the cloud and on-premises. This new way of working will undoubtedly stretch the resources of security teams which creates more pressure and more opportunity for insider threats to go undetected.

BN: What can companies do to better protect themselves?

AK: If a company's data falls into the wrong hands, it can cause real harm to people and put the company at a severe competitive disadvantage by fostering a loss of trust externally with customers and other vital stakeholders. That is why organizations must equip themselves with the right tools to detect and stop insider threats and data leakage across the IT ecosystem.

To ensure their operations remain successful amid this new way of working, enterprises must achieve and maintain continuous visibility over sensitive data that can no longer be regulated by on-premises security tools. Companies must also ensure they have the capability to identify and stop insider threats from wherever they may be stemming from at all times. This requires solutions that can block, encrypt, apply digital rights management (DRM), and redact.

Organizations should also choose a fully-featured solution complete with user and entity behavior analytics (UEBA), which uses machine learning to develop a baseline for each employee's behavior so that irregular changes can be discovered and remediated as needed. 

BN: Vendor consolidation is a big topic of conversation currently. Are there advantages to consolidating security tools when it comes to defending against this threat?

AK: Companies should proactively seek out and employ the right tools to save security teams from a broad range of costly setbacks, including those that often accompany insider attacks. The matrix of connections within the enterprise IT ecosystem is becoming progressively more complicated. By using a Secure Access Service Edge (SASE) platform, security teams can access a single, all-encompassing dashboard to configure data and threat protection policies that are enforced automatically anywhere data goes, thus ensuring business security, continuity and growth.

SASE is a cybersecurity concept that Gartner described in the August 2019 report The Future of Network Security in the Cloud. Because the architecture will often include a Cloud Access Security Broker (CASB), Secure Web Gateway (SWG) and Zero Trust Network Access (ZTNA) functionality, security teams are able to replace disjointed point products and unlock significant cost savings with a single SASE vendor.

BN: What are the business implications for this kind of attack?

AK: Regardless of whether or not they are being careless or have malicious intentions, employees can pose a substantial risk to organizations in any industry. A survey from the Ponemon Institute found that insider threats increased by 47 percent from 2018 to 2020. The cost of insider threat incidents also rose by 31 percent from $8.76 to $11.45 million during the same time period.

These types of attacks can also damage brand reputation and trust with prospects and current customers, as well as other employees within the company. The public can quickly grow suspicious of how safe their sensitive information would be in the hands of the company, and employees may start to question who they can trust and which of their coworkers might have potential secret motivations and agendas. All of this mistrust and skepticism will ultimately damage the effectiveness of the business, which in turn can affect the bottom line. The only way to avert this situation is to implement proper employee education programs and proactive cybersecurity tools.

Image Credit: Andrea Danti/Shutterstock