Employees forced to work remotely during the COVID-19 pandemic altered their online habits, and to minimize hacking risk they needed cybersecurity tools to keep up. As a result, most IT departments now support cloud and hybrid environments.
But security administrators also face a danger they may not have previously anticipated: attacks from insiders. Disgruntled employees are taking advantage of the fact that many enterprises do not offer secure access to offsite networks and systems. They are also exploiting their fellow remote workers, who might not recognize phishing exploits and can unintentionally cause harm or damage.
In either case, these attacks are both dangerous and expensive to mitigate: according to Ponemon Institute, an insider threat's average global cost is $11.5 million. Luckily, industry leaders can overcome these issues with the right game plan. By knowing what to look for and training the workforce properly, the enterprise will better combat insider threats.
The Call Is Coming from Inside the House
Even before the pandemic, dissatisfied employees driven by personal agendas worked to infiltrate companies. When coronavirus upended daily life, that mission got easier. Cybercriminals who normally targeted well-defended corporate environments now preyed on home offices, which often lack strong protections or in-depth defense strategies. This expanded attack surface is an all-you-can-eat buffet for a hacker with an ax to grind.
In a distributed, remote, and highly connected world, insider threats can be just as harmful to employers as traditional bad actors. Dynamic opportunists are upskilling and taking advantage of the increased demands of remote work to exploit users’ emotions and pry out the information needed to carry out attack exploits.
One current scam is impersonating a public health expert or government agency and directing users to phishing sites about the pandemic. Internal bad actors register domains using words like “COVID,” “coronavirus,” “N95,” or “masks.” They also employ these terms in email subject lines or file names to garner clicks. All it takes is one unsuspecting user opening the message, and the whole system comes crashing down.
These threats are not going away anytime soon, and enterprises that fail to adapt to this changing reality face increased exposure to damaging cyber incidents. Organizations need total network visibility into attack surfaces and vectors through a robust security and technology stack. They should also teach their workforces proper prevention techniques to detect and defend against these dangers.
The Smart Solution
The insider threat phenomenon requires new ways of prioritizing and minimizing cyber-risk. Tech teams need a business continuity plan that spells out how to address intentional or unintentional asset misuse. They can then realign their systems and processes to address dangers and gain visibility into attacks.
But these issues affect more than just the IT department. Few untrained users know how to spot scams, secure laptops, or handle sensitive data in a remote work environment. Because of this, enterprises must turn their attention to the human element of insider threats and build mandatory cybersecurity training into the company culture.
Managers need to adopt educational strategies that maximize engagement, like sending fake phishing emails and showing users how to spot threats or report suspicious activity. Every enterprise should also have a clear acceptable-use policy to set out storage and access procedures.
But this is not a one-and-done solution: tech teams must update training regularly and encourage personnel to ask questions. A consistent, clear message helps reduce the chance of accidental insider threats since the best offense is a good defense. This process requires expanding the scope of cyber-protections to accommodate the new remote workforce. The security protocol needs to be a continuum that offers better mitigation and contingencies, because the weakest link in the security chain is the human factor.
Another smart strategy is to update lax BYOD (Bring Your Own Device) strategies. These policies are admittedly necessary for the current remote work environment. Still, some companies go one step further and allow employees to view sensitive data on personal devices without corporate security controls. That means insider threats are harder to catch.
But IT administrators with access to employee-managed equipment will know how users interact with information and spot problems earlier. Through this robust security and technology stack, enterprises can enable business continuity and detect internal attack vectors before it is too late.
For each of these approaches, packet data is the single source of truth. Network security teams should analyze packet data to get a view into the performance characteristics of infrastructure, and applications components and dependencies. Performing this ongoing analysis will help them find the needle in the haystack to protect their company from insider threats.
Many enterprises are now in flux, balancing the pandemic's effects with an increased danger of insider threats. These problems may seem impossible to solve, but all parties can work together to improve operational efficiency. Businesses that provide employees with the right tools, strategies, and training, while also analyzing their networks in real-time, will minimize the risks and impacts of insider threats.