Remote work is opening up new insider threats – whether it’s negligence or malicious employees – and companies are scrambling to stay on top of these unprecedented risks.
Employees working from home face a new world of workplace challenges. With childcare facilities mostly closed, many are juggling crying babies or barking dogs, all while tending to job responsibilities. Under those conditions mistakes happen, like sending an email – with critical internal company data – to the wrong address.
This is just one of many insider threat risks that security experts worry will become a regular occurrence. That’s because remote employees have been thrust into new working environments, with no face-to-face supervision and little to no training for handling new security risks. And, they are also facing more distractions from their home settings, as well as new emotional stresses tied to COVID-19.
All of these factors are creating a ticking time bomb for insider threats risks – which according to a report released last week, have already increased by 47 percent since 2018. Worse, security experts warn that organizations aren’t ready for this influx of remote work induced challenges.
“The [work from home] trend due to the COVID-19 pandemic has significantly increased insider threats from employees taking risks with company assets, such as stealing sensitive data for personal use or gain as employers have less visibility to what employees are doing or accessing,” Joseph Carson, chief security scientist and advisory chief information security officer at Thycotic, told Threatpost.
Negligent Insiders: Lack of Training
Insider threats can stem from either “negligent insiders” – which according to Proofpoint is the most common and accounts for 62 percent – or from malicious insiders, who intentionally steal data or company secrets.
The “negligent insiders” are the bigger threat here, researcher say. They may be employees who are well-intentioned, but who mistakenly give away company data or put company data at risk. They might open a phishing email, fall victim to a business email compromise (BEC) scam, or leave a cloud storage bucket misconfigured.
The work from home world has paved the way to an unsecured environment that allows these mistakes to happen more easily, security experts argue. For starters, many remote employees have not been given the appropriate training for how to secure their laptops and how to handle sensitive data in a work from home environment.
A recent survey from IBM Security found that more than half surveyed have yet to be given any new security policies on how to securely work from home. Also, more than half surveyed have not been provided with new guidelines on how to handle personal identifiable information (PII) while working from home, despite more than 42 percent newly being required to do so as consumers lean on customer service representatives for a variety of services.
In addition to a lack of employee training, experts worry remote employees are using company devices that may have been dependent on network security for protection – such as email gateways, web gateways, intrusion detection systems or firewalls – and moving them to unsecured networks.
The IBM Security survey for instance found that 53 percent of remote employees are using their personal laptops and computers for business operations – and 61 percent say their employer hasn’t provided tools to properly secure those devices.
Remote employees are also dealing with the challenges of working remotely and potentially needing to juggle childcare. That, coupled with the overlying stresses from the pandemic and the pressures of regular work, can open the door for simple mistakes. For instance, on average, 800 emails are sent to the wrong person every year in companies with 1,000 employees, according to Tessian. Experts worry that the new workplace environment could make this type of mistake more common.
“Initially, the sudden shift in environment was taxing on employees, which increased the likelihood for mistakes to be made that could have incredible repercussions for data privacy – for example, sending an email to an incorrect recipient or clicking on a phishing link,” said Durbin. “As remote working continues, organizations continue to digitalize traditionally physical process, such as reliance on post or face-to-face meetings, inevitably driving more sensitive data online.”
While “malicious insider” threats are less common (according to Proofpoint, these types of threats only occur 14 percent of the time), coronavirus-spurred changes to the workforce is making it more difficult for organizations to root out these threats.
According to Verizon’s 2020 Data Breach Investigations Report (DBIR), malicious insider threat motivations vary. Financial motivations are the most popular, but espionage or disgruntled employees are listed as other common reasons.
Malicious insider threats may stem from the emotional toll of change. Earlier in May, for instance, a former BlueLinx IT manager, unhappy after his company was acquired by a large Atlanta-based building products distributor, was sentenced to federal prison for hacking his former Atlanta-based employer.
Experts worry what kind of emotional toll the current changes in today’s coronavirus world will have on employees. Many employees currently have concerns, need support and require protection. Employees may react maliciously to potentially limited hours, lowered compensation, reduced promotion opportunities.
These concerns at work can be compounded by increased levels of stress outside of the work environment due to worries about the health of their families, livelihood and uncertainty about the future, said Steve Durbin, managing director of the Information Security Forum.
“Under these conditions, employees might become resentful or disgruntled towards the organization, resulting in occurrences of information leakage and theft of intellectual property,” said Durbin.
At the same time, the shift to remote work is creating challenges for organizations to detect such internal, nefarious acts due to limited access controls and a lack of capabilities in detecting unusual activity.
Protecting Against the Insider Threat
Organizations can take several steps to reduce the risks of these insider threats. The implementation of training measures for employees to better understand remote workplace security policies is an important first step.
However, going beyond that, companies also need better visibility into the devices that are being used by employees handling sensitive information, Tim Bandos, vice president of cybersecurity at Digital Guardian, told Threatpost.
Identity and access management (IAM) has an important role to play here. As employees have moved outside the company perimeter, IAM will help organizations maintain a full audit trail, which can help follow an employee’s tracks.
“Users are now less restricted with how they collaborate with information and what services or devices they can use in order to transfer data,” said Bandos. “Unless there was an established data protection policy in place that took into consideration remote employees with outlined controls, companies will experience data loss whether they realize it or not.”
Insider threats are different in the work-from home era. On June 24 at 2 p.m. ET, join the Threatpost edit team and our special guest, Gurucul CEO Saryu Nayyar, for a FREE webinar, “The Enemy Within: How Insider Threats Are Changing.” Get helpful, real-world information on how insider threats are changing with WFH, what the new attack vectors are and what companies can do about it. Please register here for this Threatpost webinar.