The use of cloud collaboration in today’s workforce is widespread. It makes working together easy as data could reach remote employees.
However, Michelle Killian, Senior Director of Information Security at software-as-a-service (SaaS) vendor Code42, said that insider risk could bring a halt to a company’s cybersecurity.
“Insider risk is one of the fastest growing threats that businesses have to address today,” stated Killian. They are not often malicious and are only the result of human nature.
But even so, insiders can expose, leak or steal data at any moment.
According to Joseph Blankenship, VP and Research Director for Security and Risk at Forrester, insider risks are typically composed of accidental actors, compromised accounts, and malicious insiders.
The risk, said Blankenship, is when ransomware “mules” brings malware-like ransomware into corporate systems to circumvent external controls.
Another trend is the recruitment of insiders by outside actors. This can be through willing participation or the result of social engineering, bribery, or blackmail.
Remote and hybrid cybersecurity
Killian noted that remote working created “the perfect storm” for insider risks and threats. Remote and hybrid work greatly decreases security visibility, and file-sharing technology makes it easier than ever to transfer sensitive information.
According to Code42, since the pandemic began, 61% of IT security leaders have identified their remote workforce as the cause of a data breach.
As layoff and economic uncertainty continue, Blankenship added that insider risk will increase.
But a silver lining — if there is one — is increased awareness for organizations.
“Insider risk has always existed,” said Blankenship. However, “awareness of the threat vector has increased, the tools for finding insider threats have improved, and organizations are focusing efforts on detecting and stopping insider threats.”