Understanding and Mitigating Insider Threats in Today's Remote-Work World

The insider threat menace has grown during the pandemic, worsened by an increase in credential theft and broader use of shadow IT.

Users are often the weak link that allows organizations to fall victim to cyberattacks, including ransomware, which has recently surged in the US. With the vast majority of the American workforce working from home due to the pandemic, many feel insider incidents have become more frequent.

However, only 24% of insider threats are malicious; the vast majority are caused by users who are careless or negligent (62%), according to Ponemon.

Why the Insider Threat Has Become More Intense
During the pandemic, insider threats have grown worse. The stress and uncertainty of the global health crisis make people more prone to errors like installing malware or falling prey to phishing emails aiming to harvest sensitive data.

Credential theft is also on the rise. Weak passwords are one common reason — 25% of people use insecure passwords because they are easier to remember, and weak passwords cause 30% of ransomware infections. Moreover, 53% of people reuse passwords for both corporate and personal accounts. Some of those personal accounts are for online services that lack adequate protections. For example, streaming services, which have become popular during the pandemic, are an enticing target for credential-stuffing attacks that can harvest passwords, which can then be used to access corporate systems.

Plus, there's the issue of shadow IT. Some 41% of remote employees use personal applications to access sensitive company data when working from home — applications that are not monitored by the IT team and therefore might contain vulnerabilities that hackers can exploit. In addition, many people use unapproved cloud services, often with the laudable intention of improving their productivity and the quality of their work. However, the company's sensitive data ends up residing outside of secure locations managed by the IT team, where hackers can compromise it.

More broadly, today's large-scale remote workforce diminishes the organization's visibility into the digital behavior of its users and hampers the IT department's ability to detect and resolve issues.

Strategies for Minimizing the Risk of Insider Threats
How can an organization minimize the risk of insider threats? It requires a comprehensive approach that involves implementing technology, revising processes, and talking to people.

The first step is putting a zero-trust framework into action. While full implementation can be a huge undertaking, organizations can start right away by enforcing strong password policies and enabling multifactor authentication. Then they can layer on user behavior analytics (UBA) to spot potentially risky behavior, especially around sensitive data, in time to investigate and respond before it leads to significant damage.

Another essential measure is increasing the IT team's ability to carefully monitor the endpoints of both in-office and remote workers. In particular, the IT team must be able to spot and remove any unauthorized applications promptly. For example, installation of the Dropbox client on a corporate device signals to the IT team that the employee might be using an unapproved cloud hosting service for work, a common problem in the public sector.
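
The check described above can be sketched as a comparison of each endpoint's installed-software inventory against an approved list. This is an added example, not part of the original article; the approved list, the list of cloud-sync clients, the host names, and the inventory rows are all constructed assumptions.

```python
import re
from collections import defaultdict

# Hypothetical policy data: software IT has approved, and file-sync
# clients treated as a shadow-IT signal when found on a corporate device.
APPROVED = {"microsoft onedrive", "7-zip", "mozilla firefox"}
CLOUD_SYNC_CLIENTS = {"dropbox", "google drive", "box drive", "mega"}

# Constructed inventory rows: (host, user, installed-software display name).
INVENTORY = [
    ("LT-0412", "asmith", "Dropbox 185.4.6054"),
    ("LT-0412", "asmith", "Mozilla Firefox (x64 en-US)"),
    ("LT-0977", "bjones", "Microsoft OneDrive"),
    ("LT-0977", "bjones", "7-Zip 23.01 (x64)"),
    ("WS-0031", "cwu", "Google Drive"),
    ("WS-0031", "cwu", "PDF Merge Free 2.1"),
]

def normalize(name):
    """Lower-case and drop version numbers and arch tags so variants match."""
    name = re.sub(r"\(.*?\)", " ", name.lower())      # e.g. "(x64 en-US)"
    name = re.sub(r"\b\d+(\.\d+)+\b", " ", name)      # e.g. "185.4.6054"
    return " ".join(name.split())

def classify(name):
    """Return 'approved', 'unapproved-cloud-sync', or 'unknown'."""
    n = normalize(name)
    if any(n == a or n.startswith(a + " ") for a in APPROVED):
        return "approved"
    if any(n == c or n.startswith(c + " ") for c in CLOUD_SYNC_CLIENTS):
        return "unapproved-cloud-sync"
    return "unknown"  # not on either list: queue for manual review

def find_shadow_it(inventory):
    """Group every non-approved install by (host, user) for follow-up."""
    findings = defaultdict(list)
    for host, user, software in inventory:
        verdict = classify(software)
        if verdict != "approved":
            findings[(host, user)].append((software, verdict))
    return dict(findings)

if __name__ == "__main__":
    for (host, user), items in find_shadow_it(INVENTORY).items():
        for software, verdict in items:
            print(f"{host} {user}: {software} -> {verdict}")
```

Software that matches neither list is reported as unknown rather than dropped, so the IT team can review it and add it to one list or the other.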

To further mitigate the risks associated with shadow IT in the cloud, implement technologies that will alert the IT department when corporate data is leaving the secure corporate environment.

Underlying these measures is the need to take care of IT personnel. Some 80% of IT professionals say their job became more complex due to the digital transformation their company went through during the pandemic. Under such pressure, IT teams are just as prone to errors as their less-privileged colleagues. Even missing one update on a single machine could lead to a breach, as illustrated by new ransomware that targets a vulnerability in Microsoft Exchange Server, for which a patch had been released two months before. To minimize such risks, automate IT tasks, including patch management, whenever possible.

Last but not least, change the organization's culture. Inform employees about the enhanced security controls that are in place and explain the risks to the company if those controls are ignored or bypassed. It's important to move from a fear-based approach to security to a cybersecurity-conscious culture. Facilitate discussions about cybersecurity and encourage knowledgeable individuals to educate their peers. Emphasize that internalizing cybersecurity best practices will not only benefit the company but also carry over into employees' personal lives.

Consider your employees' needs and points of view. If people are frustrated by unnecessarily complex processes, they are likely to try to work around them, putting the organization at risk. To avoid this, talk to people. Ask them why they want to use a certain unauthorized application and come up with an equally convenient but secure alternative. When people are happy and satisfied with their job, they are less susceptible to becoming insider threats.

Even in times of crisis, businesses are capable of making people the first line of defense — especially if they are armed with the right technology.