Deception in the Workforce: Utilising Security Capabilities to Mitigate Insider Threats

Insider threats are a significant danger to any organisation. Whether it’s data leakage from careless employees, or hackers with compromised credentials, massive damage can be done before an enterprise even realises what’s going on. Consequently, it’s crucial that IT and security teams balance budgetary and business concerns with the need for comprehensive data and threat protection.

Unfortunately, as the IT ecosystem evolves and more organisations migrate to the cloud, shift to remote work, and enable BYOD (Bring your own device) policies, defending against insider threats is becoming increasingly challenging. This article will show the results of a recent survey which takes a closer look at the impact that new working practices are having on data security and how businesses are currently coping. Finally, we will explore how businesses can improve their security posture in order to keep their data safe.

The cloud security conundrum

In a recent study by Bitglass, over half (54%) of respondents said that of all the data within their business, it was customer data that was most vulnerable to insider attacks–closely followed by intellectual property (47%). Given how desirable both types of data are to malicious parties, this makes sense. Unfortunately, many of these same respondents (50%) said migrating to the cloud has made it much harder for them to detect such threats; mainly because their traditional on-premise security tools don’t translate well to the cloud.

As a result, a worrying amount of data is currently exposed to potential theft which would cause significant business disruption. This can include extreme monetary losses related to non-compliance fees, multiple legal disputes, and a downslope in company trust and reputation. Businesses must prioritise having security tools that are capable of mitigating data leakage, no matter where the information goes. To almost no surprise, 61% of those surveyed admitted to experiencing an insider attack in the last 12 months alone.

The cost of breaches is growing, but security budgets are not

When it comes to the cost of a breach, the sums involved are constantly rising. 32% of those questioned said the average cost of remediation after an insider attack was between $100K and $2M, which is an eye watering sum for most businesses. Unfortunately, the same cannot be said for cybersecurity budgets, with nearly three quarters (73%) of respondents saying that their budgets are either staying the same (57%) or even decreasing (16%) by next year. In short, organisations are having to do more and more with less and less, which is why now, more than ever, they need cost-effective security measures. Compliance, security, and long-term business success all heavily depend on it.

Visibility and control is crucial for effective security

Interestingly, a significant majority of businesses still find it difficult to assess the real impact of insider attacks, which suggests they lack the levels of cloud visibility and control required to understand when/where data is being stolen. A massive 88% of survey respondents recognise that unified security across apps, devices, on-premise resources, infrastructure and the Web is key to counteracting threats. However, over 60% admitted to simply not having the right technology in place. As a result, most security professionals are wasting significant amounts of time every day managing numerous unintegrated products that fail to provide the comprehensive, consistent security needed to protect against threats.

BYOD further compounding the issue

As if it weren’t enough, the rise of the remote workforce resulted in a new surge of unmanaged devices joining the corporate network. 82% of those questioned admitted they can’t guarantee being able to detect insider threats stemming from personal devices. Often, other criteria need to be met before they can do so; for example, having the personal device on premise (18%) or ensuring that they have agents installed (16%). Additionally, half of organisations don’t have any visibility at all into messaging and file sharing apps on personal devices.

This lack of insight makes it incredibly tough to defend against insider attacks which often take advantage of BYOD policies. Notably, only 3% of businesses block personal device access altogether, primarily because of the major productivity and flexibility gains that BYOD provides.

A new way of working requires a new approach to security

In order to thrive in dynamic, cloud-based business environments, businesses need to do much more than simply rely on their old on-premises solutions to keep their data safe. Instead, they must ensure they’re deploying a security solution that is specifically built for the task at hand. Such a platform must enable secure access to web and cloud services, block rampant threats like malware, prohibit data leakage, and enable adherence to compliance frameworks.

Secure access services edge (SASE), pronounced ‘sassy,’ refers to a comprehensive cloud security platform that delivers on this new way of working. SASE integrates cloud access security broker (CASB), zero trust network access (ZTNA), and secure web gateway (SWG) technologies into a flexible platform designed to defend data wherever it goes.

SASE platforms allow enterprises to extend consistent security to all enterprise resources from a single control point. This enables the corporate security team to configure policies that secure software-as-a-service (SaaS) apps, control access to malicious web destinations, and prevent leakage in on-premises resources without the need for virtual private networks (VPNs). In other words, SASE replaces multiple disjointed point products, delivers significant cost savings, and provides the comprehensive security needed for a remote workforce in a cloud-first world.

As IT ecosystems continue to evolve, so must the security solutions put in place to protect them. The global pandemic has resulted in millions of more businesses relying on the cloud and remote working to maintain operational efficiency. However, far too many of them have failed to make a similar investment in cloud-based security, leaving sensitive customer data and intellectual property dangerously exposed to insider attacks, as well as numerous external threats. With this new shift in the workforce looking increasingly long term, it’s time to take a closer look on how to avoid  becoming the next victim.