Two dogs in robber masks

Insider Risk: What Hybrid Companies Need to Know — and Do

November 18, 2022 Information Management
Kaya Ismail
By Kaya Ismail

Data and IT infrastructure threats have changed significantly in the past few years. In the past, the threats primarily came from outside hackers and bad actors. Today, with the rise of remote work and the proliferation of data, insider threats have become far more common.

A recent Microsoft survey of 300 security and compliance professionals in the U.S. has found that the average company will experience approximately 20 insider-risk incidents per year. That's more than one a month. And according to Microsoft, 40% of the participants said they expect these events to increase in the future.

Ekran reports that 98% of business leaders feel vulnerable to insider attacks. Not surprising consider the statistics and the fact that even the best protection can't prevent human error.  

The Cost of Insider Threats

A Ponemon Institute study (pdf) conducted earlier this year found that in 2021, the cost of insider threats to the U.S. economy was over $15 million. That figure is up from $11.5 million just two years prior.

And it gets worse: The report also found that the longer companies take to contain incidents, the higher the cost, potentially going beyond the $17 million mark.

There have been numerous examples of insider incidents in the past. Twitter, for instance, fell victim to spear phishing in July 2020, when hackers gained access to 130 private and corporate accounts with more than a million followers to promote a Bitcoin scam.

How they gained access is a big part of the cautionary tale because it shows that no company is immune to the risk. In this case, the hackers simply used the phone, calling some of Twitter's remote workers, posing as Twitter IT engineers and requesting information about certain high-profile accounts. By collecting this information, they were able to access the accounts to promote the Bitcoin scam — and receive more than $180,000 from Twitter users who believed the information was legitimate because of the source.

Twitter was unaware of the scam until after the press noticed public accounts publishing the scam messages. The share price of Twitter fell by 4% as a result, and the company was forced to update security protocols and delay the release of its new API.

The financial cost of these inadvertent attacks is massive. But there's more. According to Deloitte, there are seven "hidden" costs to a successful cyberattack, including operational disruption, customer relations, brand reputation and loss of IP.

Related Article: What Is Identity Management (and Should Companies Care)?

The Types of Risky Insiders

The challenge for companies is educating employees to recognize and report a threat. IBM has identified four types of potential insider threats:

  • The Pawn: An employee who performs malicious activities unaware of their actions. This includes downloading malware or disclosing credentials to fraudsters.
  • The Goof: Ignorant or arrogant users who believe the rules do not apply to them. Due to incompetence or convenience, the user will actively bypass security controls.
  • The Collaborator: Users who willingly cooperate with outsiders such as competitors, nation states or criminals.
  • The Lone Wolf: A user who acts with malicious intent, often in exchange for financial gain.

According to Ron Gula, president of Gula Tech Adventures, an investment company with a cyber focus, any of the above insiders can have serious implications for the business because of the opportunities even the slightest entry point can provide.

"Attackers can leapfrog the compromised employees' computer and set up the company for blackmail, theft of intellectual property and critical damage to the company's reputation," Gula said. 

So, whether the incident is inadvertent, as was the case at Twitter, or malicious, the damage will be the same. Companies must therefore train their employees to not only recognize the threat but understand the extent of the risk, including prosecution in some cases. 

Related Article: How Security Technology Enables the Digital Workplace

5 Ways to Minimize Insider Risks

While there's still some debate as to whether or not remote work increases the risk of cyber incidents, the fact remains that in today's digital workplace, there are many ways bad actors can gain access to a company's assets, regardless of where workers are located. From lack of training and misused resources, to distractions and unsecured networks, to unauthorized disclosure and corporate espionage, there are countless ways to get inside a corporation.

In its report, Microsoft says it's therefore best for companies to approach this risk from a holistic perspective. In other words, risk mitigation and awareness programs mustn't be limited to in-office or remote employees but should include the entire workforce.

Here are five ways to approach this:

1. Deterring: The first step, of course, is to deter potential threats. A cybersecurity research report said this includes having strong access controls, data encryption and usage or access policies that will discourage and deter insider threats.

2. Screening: This means blocking malicious threats from entering the business. Screening new hires is one of the best ways to handle this leg of the journey.

3. Multi-Authentication: Multi-authentication can prevent a great deal of cyber attacks, including those that stem from flawed user behavior such as poor password choices. To Cecily Wong, operations manager at cloud security company Styra, multi-authentication adds a layer of security that gives companies more control over access to organizational data and infrastructure. 

4. Training: Whether they work in the office, from home or from an internet cafe in Sao Paulo, employees should receive proper training on the risks they, themselves, can create inadvertently. Training is still one of the best ways to protect the company from insider threats.

5. Creating backups: Regularly backing up the company's infrastructure is key to ensure that data can be recovered and retained. Hackers are very adept at performing significant data losses or using ransomware — and they're getting better. Being prepared is a great step toward mitigating the extent of the losses in the event of an incident.


Featured Research

Related Stories

bird feeding out of a person's hand, suggesting trust and care

Information Management

Why Responsible AI Should Be on the Agenda of Every Enterprise

tandem skydiving with what looks like a very tiny parachute

Information Management

Can You Trust Zero Trust Networks in the Remote Workplace?

woman standing on ice looking up

Information Management

Headless CMS Vendors Seeking Growth Should Look Towards Content Services

Join Top Industry Leaders at the Most Impactful Employee Experience and Digital Workplace Conference of 2023

Reworked Connect