As 2020 comes to a close, news of a vaccine for Covid-19 brings a sense of optimism for the new year ahead. However, as governments pull the plug on furlough schemes, and a global economic downturn looms, many organizations find themselves planning restructuring and redundancies necessary for business survival leading to a rise in insider threats.
At the start of the pandemic businesses quickly adapted to remote working to manage new legislature that kept employees at home. The sudden onset of remote working brought many challenges for organizations and employees alike, and indeed opportunities for cybercriminals who capitalized on those not well prepared for changes in the way we now work.
Insider Threats
Those responsible for IT security have spent the past several months effectively trying to keep cybercriminals at bay, but with the economic uncertainty we now face, they must also consider the threats that lie within the company walls.
We know from experience that relying on perimeter defense and anti-virus software to prevent cyberattacks is an antiquated approach that is no longer effective in the fight against modern cybercrime. The sheer number of threat vectors virtually ensures that cybercriminals will get in if they want to, and in many cases they already are, waiting for the right time to activate and launch an attack.
We must not forget that many organizations face an even more imminent danger, the insider threat. Leading analyst firm Forrester expects insiders to be responsible for a third of breaches in 2021, up 8% from 2020, mostly due to the increase in remote working. Of course not all threats are of malicious intent. Employees struggling to balance work life and family stress during a pandemic could easily be forgiven for being less focussed and distracted. Unfortunately, those distractions can lead to accidental threats, in many cases simply not taking the time to validate what may appear to be a legitimate email before clicking on a phishing link. A simple mistake that can have disastrous consequences.
While organizations should expect that most employees are behaving appropriately, they should also consider that some may not, and prepare accordingly. At a time when financial stress could lead people to act in a way that is out of character. Employees may be motivated to act unscrupulously for financial gain when times are tough, and in a year when bonuses and pay rises are highly unlikely.
Disgruntled insiders, economic uncertainty, loss of valuable company data and trade secrets can spell disaster. Unfortunately, departing employees pose one of the biggest risks for organizations, especially heightened at a time when employees are working from home and data is decentralized on devices residing outside the company network. Detecting and preventing any unauthorized data from leaving the company, no matter where employees are based is critical to mitigating the risk of insider attacks.
Data Exfiltration
Any attack, be it for monetary, political or competitive advantage relies on the removal of data from the organization. Infiltrating a network or device does not, in itself, equate to a successful attack. An attack is only successful if unauthorized data is stolen or removed from a device or network. Organizations must be able to monitor, detect and prevent unauthorized data exfiltration in order to mitigate the risks associated with data loss.
The difficulty is that data exfiltration can be very difficult to detect, particularly from an insider. As data routinely moves in and out of an organization, exfiltration can closely resemble normal network traffic, meaning that data loss incidents can go unnoticed by IT staff until it’s too late. A preventative approach that can monitor data exfiltration in real-time is essential in detecting unusual behaviour before the unauthorized data transfer can occur.
Related Posts
BlackFog Strengthens Leadership Team with Strategic Appointments
BlackFog strengthens leadership and the next stage of growth with Brenda Robb as President, John Sarantakes as CRO, and Mark Griffith as VP of Strategic Sales.
The CrowdStrike Incident: A Global IT Meltdown
Discover how the recent CrowdStrike incident caused a global IT meltdown, affecting thousands of businesses. Learn about the event timeline, its impact, and how BlackFog's advanced practices can help prevent such risks. Stay informed and protect your business from future cybersecurity threats.
6 Essential Ransomware Prevention Steps Every Firm Must Take in 2024
What essential ransomware prevention steps must businesses take as the scale of this threat continues to rise?
Data Protection vs Data Security: The key Differences to Know
Are you aware of the difference between data protection and data security? Here's what you know to keep your data safe.
The State of Ransomware 2024
BlackFog's state of ransomware report measures publicly disclosed and non-disclosed attacks globally.
Understanding Data Privacy and Security: How do they Relate?
Data privacy and security are critical topics for any business to focus on in today's environment. The rising costs of cyberattacks and other threats mean a clear strategy for safeguarding sensitive data is more important than ever before.